I am coding an application where I control the code of both the client and the server. I am using SSLSockets to implement it. I have the protocol already running with normal unsecured sockets, but when I try to switch to SSLSockets (using exactly the same protocol), I keep getting the following stack trace:

java.net.SocketException: Connection reset
        at java.net.SocketInputStream.read(SocketInputStream.java:168)
        at com.sun.net.ssl.internal.ssl.InputRecord.readFully(InputRecord.java:293)
        at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:331)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:782)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:739)

For some reason, the exact same code works perfectly with unsecured sockets. Why could this be?

Any feedback would be appreciated. Thank you.

Pablo

Can you post the code? – Welshboy May 13 '11 at 18:08
To make sure it is really a software problem, try running on a different machine that is using a different internet connection. It might be a software bug, but last time I saw this symptom, a faulty router was to blame. – finnw May 13 '11 at 18:20

3 Answers

Reasons can vary, -Djavax.net.debug=ssl is your friend, as suggested by Vladimir Dyuzhev.

Anyway, it may be a certificate problem -- make sure you have the correct keystore and truststore. You will require one entry in the keystore with:

  • private key
  • certificate
  • complete chain of issuer of the certificate

And a truststore:

  • complete chain of certificates for server certificate

I have problems generating a proper keystore (the truststore is easy -- just use keytool). For the keystore you need something like this (Linux with openssl + java):

# ca, subca, cert, key, storepass and keystore are shell variables set beforehand
# convert all to PEM
openssl x509 -in "${ca}.der" -inform DER -outform PEM -out "${ca}.pem"
openssl x509 -in "${subca}.der" -inform DER -outform PEM -out "${subca}.pem"
# create one large PEM file containing certificate chain
cat "${ca}.pem" "${subca}.pem" > tmp_cert_chain.pem
# generate PKCS#12 BUNDLE
openssl pkcs12 -export -in "${cert}.pem" -inkey "${key}.pem" -certfile tmp_cert_chain.pem -out tmp_pkcs12.pfx
# convert PKCS#12 bundle to JKS
keytool -importkeystore -srckeystore tmp_pkcs12.pfx -srcstoretype pkcs12 -srcstorepass "${storepass}" -destkeystore "${keystore}" -deststoretype jks -deststorepass "${storepass}"
# print out JKS keystore
keytool -list -keystore "${keystore}" -storepass "${storepass}"
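Added example, not part of the answer above: a check that the keystore really has the layout the answer lists (a private key entry whose chain runs from the server certificate up to a self-signed root), done by reading the text that `keytool -list -v` prints. The function name `check_keystore` and the sample output are constructed for illustration, and English keytool labels are assumed.

```sh
# Checks `keytool -list -v` text for a PrivateKeyEntry whose chain runs leaf -> ... ->
# self-signed root. Compares Owner/Issuer names only; it does not verify signatures.
check_keystore() {
    awk '
    function finish(   i, bad) {
        if (alias == "" || type != "PrivateKeyEntry") return
        keys++
        if (n == 0) bad = "no certificates"
        for (i = 1; i < n && bad == ""; i++)
            if (issuer[i] != owner[i + 1]) bad = "cert " i " not issued by cert " (i + 1)
        if (bad == "" && owner[n] != issuer[n]) bad = "missing issuer " issuer[n]
        if (bad != "") { print "INCOMPLETE " alias ": " bad; failed = 1 }
        else print "OK " alias ": chain of " n
    }
    /^Alias name: /           { finish(); alias = substr($0, 13); type = ""; n = 0 }
    /^Entry type: /           { type = substr($0, 13) }
    /^Certificate\[[0-9]+\]:/ { n++ }
    /^Owner: /                { owner[n] = substr($0, 8) }
    /^Issuer: /               { issuer[n] = substr($0, 9) }
    END { finish(); if (!keys) { print "NO PrivateKeyEntry"; failed = 1 }
          exit failed + 0 }
    '
}

# Constructed sample of keytool output (not from a real keystore).
sample_output() {
cat <<'EOF'
Alias name: good
Entry type: PrivateKeyEntry
Certificate chain length: 3
Certificate[1]:
Owner: CN=server.example.test
Issuer: CN=Example Sub CA
Certificate[2]:
Owner: CN=Example Sub CA
Issuer: CN=Example Root CA
Certificate[3]:
Owner: CN=Example Root CA
Issuer: CN=Example Root CA
Alias name: leafonly
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server.example.test
Issuer: CN=Example Sub CA
EOF
}

sample_output | check_keystore || echo "fix the keystore before debugging the handshake"
```

Against a real keystore, pipe `keytool -list -v -keystore <path>` into `check_keystore`; a non-zero exit status means at least one key entry has a broken chain or no key entry exists.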

From your post it is not possible to detect the problem.
When you switch to secure sockets the most secure ciphers are used by default.
If you have not configured your truststore/keystore correctly (or have not enabled the non-authenticated suites) then the SSL handshake will fail.
The exception seems to indicate that.
What you can do is run your program using javax.net.debug=ssl,handshake to enable SSL debugging info and post the debugging info and your code if you expect someone to help you.

-Djavax.net.debug=ssl is the most useful thing in debugging SSL. – Vladimir Dyuzhev May 14 '11 at 2:29

Depending on what OS you are using, it may require admin/root privileges to bind to or listen to the SSL port. Try running your application with admin rights (in Windows) or sudo'd (on Linux).

It fails on read, not accept(). – Vladimir Dyuzhev May 14 '11 at 2:29
And what is "SSL port" anyway? HTTPS is under 1024, true. But there is no specific number assigned to SSL/TLS. – Vladimir Dyuzhev May 14 '11 at 2:31
