XMPPTCPConnection - setEnabledSSLProtocols/ ciphers can never work #68

Closed
wants to merge 1 commit into from

tomxnosek

Hi,
When I was trying to force usage of TLSv1.2, I found out that setting enabledSSLProtocols and enabledSSLCiphers in XMPPTCPConnectionConfiguration can never work.

It is because of opening input/output stream on the socket before setting the parameters - implicit handshake session is created (without the custom params) and used for the handshake.

More info here:
http://stackoverflow.com/questions/13943351/how-to-specify-the-ciphersuite-to-be-used-in-ssl-session
http://docs.oracle.com/javase/7/docs/api/javax/net/ssl/SSLSocket.html

Thanks!

@Flowdalic
Member

Thanks for the report!

> It is because of opening input/output stream on the socket before setting the parameters

I can't find that as documented cause for an implicit handshake. SSLSocket only lists

  • calling startHandshake which explicitly begins handshakes, or
  • any attempt to read or write application data on this socket causes an implicit handshake, or
  • a call to getSession tries to set up a session if there is no currently valid session, and an implicit handshake is done.

But I can't rule out that something tries to read or write from/to the socket. But of course it would be great if the exact reason was known.

I assume you have verified that fixes the issue. If that's the cause, then it satisfies an issue number. I've created SMACK-712. The commit needs some polishing. Could you

  • Mention the issue key somewhere in the commit message
  • Write a short summary about what was wrong and how you fixed it in the commit message
  • Set the commit title to something like "Fix setEnabledSSL(Protocols|Ciphers)" (or similar)

- this commit fixes issue SMACK-712
- problem caused by opening input/output stream before setting ssl parameters to SSLSession
- problem fixed by changing order of these operations
@tomxnosek
Author

Hi,
I changed the commit message as you requested.

If you check for example this implementation of SSLSocket, opening of I/O stream causes starting handshake.

@Flowdalic
Member

I've uploaded Smack 4.1.7-SNAPSHOT, which includes a fix for this, to Maven Central's snapshot repositories. Could you try it out and report back if it solves the issue for you?

@Flowdalic
Member

Closing as SMACK-712 has been fixed.

@Flowdalic Flowdalic closed this Apr 14, 2016
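
Added example (not code from Smack or from this thread): a self-contained Java check of the ordering discussed above. It layers an SSLSocket over a connected loopback socket, applies the protocol and cipher restrictions before anything can start a handshake, then reads the ClientHello on the raw peer side to confirm that only the configured suite is offered. The class name, the sample policy and the loopback listener are constructed for illustration.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import java.io.DataInputStream;
import java.io.IOException;
import java.net.InetAddress;
import java.net.ServerSocket;
import java.net.Socket;
import java.util.ArrayList;
import java.util.List;

public class ClientHelloCheck {
    // Constructed sample policy, not values from the thread.
    static final String[] PROTOCOLS = {"TLSv1.2"};
    static final String[] SUITES = {"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"}; // wire id 0xC02F

    // Read one ClientHello from the raw stream and return the offered cipher suite ids.
    static List<Integer> offeredSuites(DataInputStream in) throws IOException {
        in.readFully(new byte[5 + 4 + 2 + 32]);        // record hdr, handshake hdr, version, random
        in.readFully(new byte[in.readUnsignedByte()]); // session id
        List<Integer> ids = new ArrayList<>();
        for (int left = in.readUnsignedShort(); left > 0; left -= 2) {
            ids.add(in.readUnsignedShort());
        }
        return ids;
    }

    public static void main(String[] args) throws Exception {
        try (ServerSocket listener = new ServerSocket(0, 1, InetAddress.getLoopbackAddress());
             Socket plain = new Socket(listener.getInetAddress(), listener.getLocalPort());
             Socket peer = listener.accept()) {
            // Layer TLS over the connected plain socket, as a STARTTLS upgrade does.
            SSLSocket tls = (SSLSocket) SSLContext.getDefault().getSocketFactory()
                    .createSocket(plain, "localhost", plain.getPort(), true);
            // Apply the policy before any stream is opened or getSession() is called.
            tls.setEnabledProtocols(PROTOCOLS);
            tls.setEnabledCipherSuites(SUITES);
            Thread client = new Thread(() -> {
                try { tls.startHandshake(); } catch (IOException expected) { /* peer sends no reply */ }
            });
            client.start();
            List<Integer> ids = offeredSuites(new DataInputStream(peer.getInputStream()));
            peer.close();   // ends the client's pending handshake
            client.join();
            for (int id : ids) {
                // 0x00FF is the renegotiation-info signalling value, not a real suite.
                if (id != 0xC02F && id != 0x00FF) {
                    throw new IllegalStateException(String.format("unexpected suite 0x%04X offered", id));
                }
            }
            System.out.println("ClientHello offers only the configured suite: " + ids);
        }
    }
}
```

The peer side never completes the handshake, so the client's `startHandshake()` is expected to fail once the ClientHello has been captured; the check is on what the client offered, not on a negotiated session.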