Problem with secure pipe TLS Handshake

jimbosi
Joined: 2007-06-14

Hi All,

I’m having a bit of trouble with connecting two peers using secure pipes over the internet and, frankly, I’m at the end of my tether! So I thought there might be some smart person out there who may have encountered a similar problem themselves.

Some background:

I have two peers on physically separate networks that can only communicate via the internet. I have a rendezvous/relay peer on the internet that allows these two peers to communicate.

On the LAN, the peers can communicate using secure AND non-secure pipes. Each peer goes through the process of joining the Peer Group using the PSE Membership service, and each peer adds the remote peer’s certificate to its trusted certificate store before connecting. So, on the LAN it works perfectly, or so it seems.

Via the Internet the peers can also communicate using non-secure pipes. I would have thought that the same procedure for communicating using secure pipes on the LAN would have been fine for the internet too. However, when the peers connect via the internet, I get a TLS Handshake failure – see the stack trace at the bottom.

So I was wondering if there were some extra steps I need to go through to connect peers via the internet?
Does my rendezvous/relay need to install each peer’s certificate in its trusted keystore?
Why does it work on the LAN and not on the internet?
Thanks in advance!

jim

TlsManager[WARN] Failed making connection to uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
java.io.IOException: Handshake failed
at net.jxta.impl.endpoint.tls.TlsConn.finishHandshake(TlsConn.java:386)
at net.jxta.impl.endpoint.tls.TlsManager.getTlsConn(TlsManager.java:219)
at net.jxta.impl.endpoint.tls.TlsTransport.getMessenger(TlsTransport.java:573)
at net.jxta.impl.endpoint.EndpointServiceImpl.getLocalTransportMessenger(EndpointServiceImpl.java:1530)
at net.jxta.impl.endpoint.EndpointServiceImpl$CanonicalMessenger.connectImpl(EndpointServiceImpl.java:379)
at net.jxta.endpoint.ThreadedMessenger.connect(ThreadedMessenger.java:549)
at net.jxta.endpoint.ThreadedMessenger.run(ThreadedMessenger.java:389)
at java.lang.Thread.run(Thread.java:595)
TlsTransport[ERROR] Cannot get a TLS connection for jxta://uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
NonBlockingOutputPipe[WARN] Could not get messenger to : urn:jxta:uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403.
TlsManager[WARN] net.jxta.endpoint.Message@115186(7){447} is not start of handshake (seqn#0) for uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
TlsManager[WARN] Failed making connection to uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
java.io.IOException: Handshake failed
at net.jxta.impl.endpoint.tls.TlsConn.finishHandshake(TlsConn.java:386)
at net.jxta.impl.endpoint.tls.TlsManager.getTlsConn(TlsManager.java:219)
at net.jxta.impl.endpoint.tls.TlsTransport.getMessenger(TlsTransport.java:573)
at net.jxta.impl.endpoint.EndpointServiceImpl.getLocalTransportMessenger(EndpointServiceImpl.java:1530)
at net.jxta.impl.endpoint.EndpointServiceImpl$CanonicalMessenger.connectImpl(EndpointServiceImpl.java:379)
at net.jxta.endpoint.ThreadedMessenger.connect(ThreadedMessenger.java:549)
at net.jxta.endpoint.ThreadedMessenger.run(ThreadedMessenger.java:389)
at java.lang.Thread.run(Thread.java:595)
TlsTransport[ERROR] Cannot get a TLS connection for jxta://uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
NonBlockingOutputPipe[WARN] Could not get messenger to : urn:jxta:uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403.
TlsManager[WARN] net.jxta.endpoint.Message@23705198(7){457} is not start of handshake (seqn#0) for uuid-6769643A44614973A86F826C61636B7353616D6D79204468A520D37175696403
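As an added example (not code from the original post or from the JXTA project), this is how the procedure jim describes, joining through PSE, installing the remote peer’s certificate under its peer ID and only then opening the secure pipe, can be written so that a trust-store problem is caught before the TLS handshake is attempted. The class, the method names and the 30-second timeout are mine; the JXSE calls (StringAuthenticator, PSEConfig.setTrustedCertificate/getTrustedCertificate, PipeService.UnicastSecureType) are as I remember them from JXSE 2.5 and should be checked against your platform version.

```java
// Added example, not JXTA project code; API names assumed from JXSE 2.5.
import java.io.IOException;
import java.security.cert.X509Certificate;
import net.jxta.credential.AuthenticationCredential;
import net.jxta.id.ID;
import net.jxta.impl.membership.pse.PSEConfig;
import net.jxta.impl.membership.pse.PSEMembershipService;
import net.jxta.impl.membership.pse.StringAuthenticator;
import net.jxta.membership.MembershipService;
import net.jxta.peergroup.PeerGroup;
import net.jxta.pipe.OutputPipe;
import net.jxta.pipe.PipeService;
import net.jxta.protocol.PipeAdvertisement;

public final class SecurePipeTrust {
    /** Join via PSE so this peer has a key pair to present in the TLS handshake. */
    static PSEMembershipService joinWithPse(PeerGroup group, char[] storePw, char[] keyPw)
            throws Exception {
        MembershipService ms = group.getMembershipService();
        AuthenticationCredential cred =
                new AuthenticationCredential(group, "StringAuthentication", null);
        StringAuthenticator auth = (StringAuthenticator) ms.apply(cred);
        auth.setAuth1_KeyStorePassword(storePw);
        auth.setAuth2Identity(group.getPeerID()); // our own key is stored under our peer ID
        auth.setAuth3_IdentityPassword(keyPw);
        if (!auth.isReadyForJoin()) throw new IllegalStateException("PSE credentials rejected");
        ms.join(auth);
        return (PSEMembershipService) ms;
    }

    /** Install the remote peer's certificate under its peer ID, then read it back. */
    static void trustRemotePeer(PSEMembershipService ms, ID remotePeer, X509Certificate cert)
            throws Exception {
        PSEConfig pse = ms.getPSEConfig();
        pse.setTrustedCertificate(remotePeer, cert);
        X509Certificate stored = pse.getTrustedCertificate(remotePeer);
        // A missing or mismatched entry explains a later "Handshake failed" far better
        // than the TlsManager warning does, so fail loudly here instead.
        if (stored == null || !stored.equals(cert)) {
            throw new IllegalStateException("no trusted cert stored for " + remotePeer);
        }
    }

    /** Open the secure pipe only after the trust checks above have passed. */
    static OutputPipe openSecurePipe(PeerGroup group, PipeAdvertisement adv) throws IOException {
        if (!PipeService.UnicastSecureType.equals(adv.getType())) {
            throw new IllegalArgumentException("advertisement is not a secure unicast pipe");
        }
        return group.getPipeService().createOutputPipe(adv, 30000L);
    }
}
```

If the read-back check passes on both peers and the handshake still fails only across the internet, the trust configuration can be ruled out and attention moves to the relay path.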

asghar
Joined: 2005-07-26

Hello,

As the stack trace shows, the TLS handshake failure originates from the impl code of the platform. Also, it is not released code. However, I hope the following text can be of some further help to you.

[b]From JXSE 2.5 Programmer’s Guide (Page 11 of PDF file)[/b]

….
It is the intent of the JXTA protocols to be compatible with widely accepted transport-layer security mechanisms. [b]Some JXTA implementations[/b] contain a [b]virtualized TLS implementation[/b] that allows it to [b]secure endpoint-to-endpoint communications[/b] regardless of the number of [b]hops[/b] required to deliver each message.
TLS and IPSec could also be used as JXTA transports. However, when used as transports they provide integrity and confidentiality of message transfer [b]only[/b] between the two communicating peers.
….

So, so!
I don’t know what a virtualized TLS implementation means. Where can I read about it?

What happens if you include only ONE [b]intermediate[/b] peer – BUT one not able to support TLS – in the path of those 2 peers, located in your local subnet (LAN) and able to communicate via secure pipe?
(ALSO: within the Java code of your JxtaApp on this intermediate peer, avoiding the use of secure pipe)
I think: they can’t communicate any more.

It’s also interesting to know what happens if we want to secure communication on a synchronous link (JxtaSocket / JxtaServerSocket and JxtaBiDiPipe / JxtaServerPipe) in a public net environment.

Within the context of this thread, we should also take care about the meaning of „[b]intermediate[/b]“:
A Relay, a Rdv or even a full-featured edge peer is an [b]intermediate peer[/b] in a JXTA network „X“ (consisting of, let’s say, 5 full-featured edge peers).
„X“ is a virtual network overlaying (potentially large) physically distributed subnets, each consisting of (potentially many) network nodes, while some of the [b]intermediate nodes[/b] don’t support TLS as a transport protocol, even though they belong to the underlying infrastructure of JXTA network „X“ (designed for secure transport of data).

Asghar