I am using Apache Mina (Mina2 - Netty not available to use - don't ask why :P) to create a TCP Client which connects to a TCP server over TLS.
Here's the SSLContext:
Here's my blueprint xml route:
<route id="ReadMQ">
  <from uri="jmsep://topic:test/014/data" />
  <process ref="readIt"></process>
  <to uri="mina2:tcp://SOMEHOST:38332?sync=true&amp;sslContextParameters=#mySSL&amp;minaLogger=true" />
</route>
cert.pem contains both the key and cert in it.
When Mina tries to connect to the endpoint, the server closes the connection with this error:
System.IO.IOException: The handshake failed due to an unexpected packet format.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
Looking at the error, it feels like Mina is not connecting with the correct protocol?
Here's what Mina says:
SEVERE: Exception on receiving message from address: SOMEHOST:38332 using connector: (nio socket connector: managedSessionCount: 0)
Throwable occurred: java.io.IOException: An existing connection was forcibly closed by the remote host.
Also, when I use the s_client this way: openssl s_client -connect SOMEHOST:38332 -cert cert.pem -key cert.pem -state -debug
It goes ahead and does the SSL handshake with exchange of certificates.
Any clues what I am missing here?
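Answer 0 (score: 0)
The keys for the certificates in the keystore and truststore were not being added because they were in PEM format. The server would request a client certificate and the client's certificate chain would be empty, hence the error. To fix this, I created a JKS-format keystore and imported the p12 file (created from the pem file), and it worked.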
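
The conversion the answer describes (PEM to PKCS#12 to JKS), with a format check before and a private-key check after, as an added example that is not part of the original question or answer. The output file names, the alias `client`, the `KS_PASS` environment variable and both function names are assumptions; `cert.pem` is the combined key-and-certificate file from the question.

```shell
#!/bin/sh
# Added example, not code from the original post. Names are assumptions.

# Report the on-disk format of a key material file from its leading bytes.
keystore_format() {
    magic=$(od -An -tx1 -N4 "$1" | tr -d ' \n')
    case "$magic" in
        feedfeed) echo JKS ;;
        cececece) echo JCEKS ;;
        2d2d2d2d) echo PEM ;;      # "----" of "-----BEGIN ..."
        30*)      echo PKCS12 ;;   # DER SEQUENCE; PKCS#12 is the usual case
        *)        echo UNKNOWN ;;
    esac
}

# Convert a PEM file holding both key and certificate into a JKS keystore.
# Usage: KS_PASS=... pem_to_jks cert.pem client.jks
pem_to_jks() {
    pem=$1 jks=$2 p12="${2%.jks}.p12"
    [ "$(keystore_format "$pem")" = PEM ] || { echo "not PEM: $pem" >&2; return 1; }
    [ -n "${KS_PASS:-}" ] || { echo "set KS_PASS first" >&2; return 1; }
    export KS_PASS   # passed via the environment, not on the command line

    # Step 1: bundle key and certificate into a PKCS#12 file.
    openssl pkcs12 -export -in "$pem" -inkey "$pem" -name client \
        -out "$p12" -passout env:KS_PASS || return 1

    # Step 2: import the PKCS#12 file into a JKS keystore.
    keytool -importkeystore -noprompt \
        -srckeystore "$p12" -srcstoretype PKCS12 -srcstorepass:env KS_PASS \
        -destkeystore "$jks" -deststoretype JKS -deststorepass:env KS_PASS || return 1

    # Step 3: the client can only answer the server's certificate request if
    # the keystore holds a private key entry, not just certificates.
    keytool -list -keystore "$jks" -storepass:env KS_PASS | grep -q PrivateKeyEntry
}
```

Running `keystore_format` on the files referenced by the `sslContextParameters` bean shows whether the JVM is being handed PEM where it expects a keystore.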