Using TLSv1.2 with Java 7

Hello,
We are trying to migrate our server so that it can use TLSv1.2 in Java 7, but we are having some difficulty getting it to work. I took the EchoServer/EchoClient example from http://stilius.net/java/java_ssl.php, ran it, and it worked fine (by default using SSL). I modified the code to get an SSLContext for the TLSv1.2 protocol:

SSLContext ret = SSLContext.getInstance("TLSv1.2");
ret.init(null, null, null);

It did not work: when the client sent data to the server, we got an SSLHandshakeException. After some research, it seemed to me that I had to use my own keystore instead of the default one that comes with Java, so I created one and changed the echo test to use it as the keystore (for the server) and the truststore (for the client).

It worked as expected when using the default encryption algorithms. Now I have changed the server and the client to call "setEnabledCiphers", passing it a TLSv1.2 cipher ("TLS_DHE_DSS_WITH_AES_128_CBC_SHA256", to be precise). The client can 'connect', but when I type something I get a handshake exception, and the server displays:

javax.net.ssl.SSLHandshakeException: no shared cipher suites


Here is the updated code for the server:
-----
import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;

public class EchoServer {
     
     private static KeyManager[] getKeyManagerArray(String keystore,
               String keystorePasswd) {
          KeyManager[] ret = null;
          String keyFile = "mySrvKeystore";

          if (null != keystore) {
               keyFile = keystore;
          } else {
               keyFile = "mySrvKeystore";
               File t = new File(keyFile);
               if (!t.exists()) {
                    keyFile = "../" + keyFile;
                    t = new File(keyFile);
                    if (!t.exists()) {
                         throw new RuntimeException("Could not find key manager file");
                    }
               }
          }
          if (null == keystorePasswd) {
               keystorePasswd = "123456";
          }
          try {
               System.out.println("Using keystore: " + keyFile);
               KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
               KeyStore ks = KeyStore.getInstance("JKS");
               // initialize KeyStore object using keystore name
               ks.load(new FileInputStream(keyFile), null);
               kmf.init(ks, keystorePasswd.toCharArray());
               ret = kmf.getKeyManagers();
          } catch (Exception e) {
               e.printStackTrace();
          }

          return ret;
     }
     
     private static SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
          SSLContext ret = SSLContext.getInstance("TLSv1.2");
          KeyManager[] km = getKeyManagerArray(null, null);
          ret.init(km, null, null);
          return ret;
     }
     
     public static void main(String[] arstring) {
          try {
               SSLContext sc = getSSLContext();
               
               SSLServerSocketFactory sslserversocketfactory = (SSLServerSocketFactory) sc.getServerSocketFactory();
               SSLServerSocket sslserversocket = (SSLServerSocket) sslserversocketfactory
                         .createServerSocket(9999);
               
               final String[] enabledCipherSuites = { "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" };
               sslserversocket.setEnabledCipherSuites(enabledCipherSuites);
               
               System.out.println("Enabled ciphers: " + Arrays.toString(sslserversocket.getEnabledCipherSuites()));
               
               SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

               InputStream inputstream = sslsocket.getInputStream();
               InputStreamReader inputstreamreader = new InputStreamReader(
                         inputstream);
               BufferedReader bufferedreader = new BufferedReader(
                         inputstreamreader);

               String string = null;
               while ((string = bufferedreader.readLine()) != null) {
                    System.out.println(string);
                    System.out.flush();
               }
          } catch (Exception exception) {
               exception.printStackTrace();
          }
     }
}
-----
Here is the updated client:
-----
import java.io.BufferedReader;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.security.KeyManagementException;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;

public class EchoClient {
     
     private static TrustManager[] getTrustManagerArray(String truststore,
               String pwd) {
          TrustManager[] ret = null;
          String trustFile = "mySrvKeystore";
          if (null != truststore) {
               trustFile = truststore;
          } else {
               File t = new File(trustFile);
               if (!t.exists()) {
                    trustFile = "../" + trustFile;
                    t = new File(trustFile);
                    if (!t.exists()) {
                         throw new RuntimeException("Could not find trust file");
                    }
               }
               pwd = "123456";
          }

          try {
               System.out.println("Using " + trustFile + " as truststore");
               TrustManagerFactory tmf = TrustManagerFactory
                         .getInstance("SunX509");
               KeyStore ts = KeyStore.getInstance("JKS");
               // initialize truststore object using truststore name
               ts.load(new FileInputStream(trustFile), pwd.toCharArray());
               tmf.init(ts);
               ret = tmf.getTrustManagers();
          } catch (Exception e) {
               e.printStackTrace();
          }
          return ret;
     }
     
     private static SSLContext getSSLContext() throws NoSuchAlgorithmException, KeyManagementException {
          SSLContext ret = SSLContext.getInstance("TLSv1.2");
          TrustManager[] tm = getTrustManagerArray(null, null);
          ret.init(null, tm, null);
          return ret;
     }
     
     public static void main(String[] arstring) {
          try {
               SSLContext sc = getSSLContext();
               
               SSLSocketFactory sslsocketfactory = (SSLSocketFactory) sc.getSocketFactory();
               
               SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(
                         "localhost", 9999);
               
               final String[] enabledCipherSuites = { "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256" };
               sslsocket.setEnabledCipherSuites(enabledCipherSuites);
               
               System.out.println("Enabled ciphers: " + Arrays.toString(sslsocket.getEnabledCipherSuites()));
               
               InputStream inputstream = System.in;
               InputStreamReader inputstreamreader = new InputStreamReader(
                         inputstream);
               BufferedReader bufferedreader = new BufferedReader(
                         inputstreamreader);

               OutputStream outputstream = sslsocket.getOutputStream();
               OutputStreamWriter outputstreamwriter = new OutputStreamWriter(
                         outputstream);
               BufferedWriter bufferedwriter = new BufferedWriter(
                         outputstreamwriter);

               String string = null;
               while ((string = bufferedreader.readLine()) != null) {
                    bufferedwriter.write(string + '\n');
                    bufferedwriter.flush();
               }
          } catch (Exception exception) {
               exception.printStackTrace();
          }
     }
}
-----

Apart from the insecure 'solutions' that I will not address here, JSSE, and indeed TLS and SSL themselves, have always required at least one peer to be authenticated. This means that this peer must have a private key and certificate in a keystore. By default that peer is the server, but you can turn that around with the API. The certificate must be trusted by the other peer, which by default is the client, which means that it must be either signed by a CA or self-signed and imported into the client's truststore.
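
The requirement in the answer above, that the authenticated peer holds a private key and certificate in its keystore, can be checked before starting the server. As an added example (not part of the original thread), this diagnostic lists the private-key algorithms in a JKS keystore and compares them with the key type that each cipher suite name requires for authentication. The keystore name and password default to the values in the question's code; the class name, the use of one password for store and key, and the comparison suites other than the one from the question are assumptions.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Set;

// Added example, not code from the thread. Class name and suite list are illustrative.
public class KeystoreSuiteCheck {

    /**
     * Key algorithm the authenticating peer needs for a JSSE suite name of the
     * form TLS_<keyexchange>_WITH_<cipher>_<mac>; null for anonymous suites.
     */
    static String requiredKeyAlgorithm(String suite) {
        int first = suite.indexOf('_');
        int with = suite.indexOf("_WITH_");
        if (first < 0 || with < 0 || first >= with) {
            throw new IllegalArgumentException("Not a cipher suite name: " + suite);
        }
        String kx = suite.substring(first + 1, with);   // e.g. DHE_DSS, ECDHE_RSA, RSA
        if (kx.endsWith("_EXPORT")) {
            kx = kx.substring(0, kx.length() - "_EXPORT".length());
        }
        if (kx.endsWith("_anon")) return null;           // no peer is authenticated
        if (kx.startsWith("ECDH_") || kx.endsWith("ECDSA")) return "EC";
        if (kx.endsWith("DSS")) return "DSA";
        if (kx.endsWith("RSA")) return "RSA";
        throw new IllegalArgumentException("Unrecognised key exchange: " + kx);
    }

    /** Algorithms of all private keys in the store; certificate-only entries are skipped. */
    static Set<String> privateKeyAlgorithms(KeyStore ks, char[] keyPassword) throws Exception {
        Set<String> algorithms = new LinkedHashSet<String>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue;                                // trusted certificate, no key
            }
            Key key = ks.getKey(alias, keyPassword);
            if (key instanceof PrivateKey) {
                algorithms.add(key.getAlgorithm());      // "RSA", "DSA" or "EC"
            }
        }
        return algorithms;
    }

    /** One-line verdict for a suite given the key algorithms available to the server. */
    static String verdict(String suite, Set<String> available) {
        String needed = requiredKeyAlgorithm(suite);
        if (needed == null) {
            return suite + ": anonymous, no authentication";
        }
        return suite + ": needs " + needed + " key, "
                + (available.contains(needed) ? "present" : "MISSING from keystore");
    }

    public static void main(String[] args) throws Exception {
        // Defaults are the file name and password used in the question's code.
        String file = args.length > 0 ? args[0] : "mySrvKeystore";
        char[] password = (args.length > 1 ? args[1] : "123456").toCharArray();

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(file)) {
            ks.load(in, password);                       // password also verifies integrity
        }
        Set<String> available = privateKeyAlgorithms(ks, password);
        System.out.println("Private key algorithms in " + file + ": " + available);

        String[] suites = {
            "TLS_DHE_DSS_WITH_AES_128_CBC_SHA256",       // suite from the question
            "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",       // comparison suites (assumed)
            "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256"
        };
        for (String suite : suites) {
            System.out.println(verdict(suite, available));
        }
    }
}
```

Run it as `java KeystoreSuiteCheck <keystore> <password>` against the server's keystore; a suite reported as MISSING cannot be negotiated by a server using only that keystore.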

Tags: Java
