JavaMail (SMTPS) + Grizzly, handshake failure
I'm trying to test my own implementation of an SMTP server built on top of the Grizzly framework, and I'm struggling with a handshake problem while checking SMTPS support with JavaMail.
I found a similar handshake problem (or not me), but I don't use client mode in Grizzly's SSLEngineConfigurator, so I guess the root of the problem should be different.
The code for the Grizzly SSL configuration initialization (in the integration test) looks like the following:
    try (InputStream keystoreStream = TransportEncryptionIT.class.getResourceAsStream("server_keystore.jks")) {
        SSLContextConfigurator sslCon = new SSLContextConfigurator();
        sslCon.setSecurityProtocol("TLSv1.2");
        sslCon.setKeyStoreType("JKS");
        sslCon.setKeyStoreBytes(IOUtils.toByteArray(keystoreStream));
        sslCon.setKeyStorePass("");
        // arguments: clientMode = false, needClientAuth = false, wantClientAuth = false
        sslConf = new SSLEngineConfigurator(sslCon, false, false, false);
    }
I install the SSLFilter into the FilterChain (with the server SSL config) immediately after the TransportFilter (which is the first filter in the chain).
    filterChainBuilder.add(new SSLFilter(sslConf, null));
And I configure JavaMail SMTPS in the following way:
    Properties properties = new Properties();
    properties.setProperty("mail.transport.protocol", "smtps");
    properties.setProperty("mail.smtps.host", ${host});
    properties.setProperty("mail.smtps.port", ${port});
    // needed since I'm using a self-signed certificate that is not added to the truststore
    properties.setProperty("mail.smtps.ssl.trust", "*");
Results of the handshake (SSL debug, server):
    [Raw read]: length = 163
    grizzly-worker(1), READ: TLSv1 Handshake, length = 163
    grizzly-worker(2), fatal error: 80: problem unwrapping net record
    javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1
    grizzly-worker(2), SEND TLSv1.2 ALERT: fatal, description = internal_error
    grizzly-worker(2), WRITE: TLSv1.2 Alert, length = 2
Results of the handshake (SSL debug, client):
    [Raw read]: length = 249
    main, READ: TLSv1.2 Handshake, length = 249
    main, handling exception: javax.net.ssl.SSLProtocolException: Handshake message sequence violation, 1
    main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
    main, WRITE: TLSv1.2 Alert, length = 2
    [Raw write]: length = 7
    0000: 15 03 03 00 02 02 0a    .......
    main, called closeSocket()
The strange thing for me is that SMTP + STARTTLS works with the server; the handshake is done successfully, which I checked via SSL debug.
The sole thing I'm not sure about is that I'm using a self-created certificate that is not added to the truststore. The JavaMail option "mail.${protocol}.ssl.trust" works for SMTP + STARTTLS but somehow does not work for SMTPS?
I tried to use MailSSLSocketFactory to force JavaMail to trust the server certificate, but it seems it is not invoked (checked with a debugger).
JavaMail version 1.4.7
Grizzly 2.3.17
Update
I finally found the difference in the source code; it seems it has nothing to do with JavaMail but with the usage of the Grizzly framework and the installation of the SSLFilter into the FilterChain. When I start the server as an SMTPS server, the filter is installed in the following way:
    filterChainBuilder.add(new TransportFilter());
    if (configuration.getSslConfig() != null) {
        sslFilter = new SSLFilter(configuration.getSslConfig(), null);
        if (configuration.isSmtpsEnabled()) {
            filterChainBuilder.add(sslFilter);
        }
    }
    smtpLineCodecFilter = new SmtpLineCodecFilter();
    filterChainBuilder.add(smtpLineCodecFilter);
But for STARTTLS (since the client might ask to raise transport encryption) it's done this way:
    FilterChain securedFilterChain = new DefaultFilterChain(defaultChain);
    int transportFilterIndex = defaultChain.indexOfType(TransportFilter.class);
    // add the connection security layer to the chain
    securedFilterChain.add(transportFilterIndex + 1, sslFilter);
This difference leads to different filters being installed; the filter chain looks like this:
In the first case: SSLBaseFilter.SSLTransportFilterWrapper -> SSLFilter
In the second case: TransportFilter -> SSLFilter
Now I don't know for sure which is the proper way, but at least the second case works for me.
I would highly appreciate it if a Grizzly guru answers :)
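As an added example (not part of the original post, and not code from JSSE or Grizzly), here is a small Python decoder for the leading bytes of the [Raw read] / [Raw write] dumps in the SSL debug output. It decodes the 7-byte alert from the client log and two handshake headers constructed to match the logged lengths 249 and 163; in JSSE's "Handshake message sequence violation, 1" the trailing number is the handshake message type.

```python
# Added example: decode the first bytes of a JSSE "[Raw read]" / "[Raw write]"
# dump. Raw reads may show a bare handshake message, raw writes a full record.
CONTENT = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE = {0: "hello_request", 1: "client_hello", 2: "server_hello", 11: "certificate",
             12: "server_key_exchange", 13: "certificate_request", 14: "server_hello_done",
             15: "certificate_verify", 16: "client_key_exchange", 20: "finished"}
VERSION = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
LEVEL = {1: "warning", 2: "fatal"}
ALERT = {0: "close_notify", 10: "unexpected_message", 40: "handshake_failure",
         46: "certificate_unknown", 70: "protocol_version", 80: "internal_error"}
CLIENT_ONLY = {1, 16}              # message types only a TLS client sends
SERVER_ONLY = {0, 2, 12, 13, 14}   # message types only a TLS server sends

def version(b: bytes) -> str:
    return VERSION.get((b[0], b[1]), f"unknown({b[0]},{b[1]})")

def decode_handshake(msg: bytes) -> dict:
    """Handshake header: type(1) + body length(3); hello bodies start with a version."""
    if len(msg) < 4:
        raise ValueError("need at least 4 bytes of handshake header")
    sent_by = ("client" if msg[0] in CLIENT_ONLY
               else "server" if msg[0] in SERVER_ONLY else "either")
    info = {"type": msg[0], "name": HANDSHAKE.get(msg[0], "unknown"), "sent_by": sent_by,
            "total_length": 4 + int.from_bytes(msg[1:4], "big")}
    if msg[0] in (1, 2) and len(msg) >= 6:
        info["hello_version"] = version(msg[4:6])
    return info

def decode(hex_dump: str) -> dict:
    """Decode a full TLS record (5-byte header) or a bare handshake message."""
    data = bytes.fromhex(hex_dump)
    # A record is recognised by its content type and a length field that fits.
    is_record = (len(data) >= 5 and data[0] in CONTENT
                 and int.from_bytes(data[3:5], "big") == len(data) - 5)
    if not is_record:
        return {"layer": "handshake", **decode_handshake(data)}
    out = {"layer": "record", "content_type": CONTENT[data[0]], "version": version(data[1:3])}
    if data[0] == 21 and len(data) == 7:
        out["alert"] = (LEVEL.get(data[5], data[5]), ALERT.get(data[6], data[6]))
    elif data[0] == 22:
        out["handshake"] = decode_handshake(data[5:])
    return out

ALERT_FROM_CLIENT_LOG = "15 03 03 00 02 02 0a"  # the 7-byte [Raw write] in the client log
HELLO_SEEN_BY_CLIENT = "01 00 00 f5 03 03"      # constructed header, total length 249
HELLO_SEEN_BY_SERVER = "01 00 00 9f 03 01"      # constructed header, total length 163
```

Both decoded headers are client_hello messages, a type that only a TLS client sends, and the record decodes to the fatal unexpected_message alert the client logged.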
You're configuring the "smtps" protocol, but perhaps you're not using the smtps protocol? How are you connecting to the server? Try using getTransport("smtps"), as in the code example in this JavaMail FAQ entry. Also, make sure you're not using Session.getDefaultInstance. If that doesn't work, post the JavaMail debug output.