Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

SSLEngine not unwrapping

843811Apr 7 2005 — edited Apr 8 2005
Hi! This is my first post here and I'm very happy to join the community.

I am building a SSLEngine server/client connection (using nio to transport the data) and porting it into an existing project that uses SSLSockets. I ran into a problem I can't fix.

The keys that I am using were generated for the existing project, though I have tested keys from other nio projects I have found online with the same results I am about to describe. So, I don't think the keys are the problem.

I successfully connected the nio client and server. I can transport data as plain text without a problem.

I then hooked up SSLEngine handshaking and that appears to have worked correctly as well. At least, I get both client and server into a HandShakeStatus of FINISHED (Status is OK) without any errors.

So, I create a small number of byes to encrypt, about 5 bytes, though I have tested with 500 with no difference. The encrypt seems to work properly. The same number of bytes are written to the wire, that are read from the receiving side. The decryption at the other side fails with an exception when I call sslEngine.unwrap();

javax.net.ssl.SSLException: Unsupported record version Unknown-0.0
at com.sun.net.ssl.internal.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:97)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:759)
at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:674)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:566)
at com.trigeo.puma.communications.nio.crypto.SSLDecrypt.run(SSLDecrypt.java:87)

I can only find one other reference to this kind of exception and that error was claimed to be multiple threads accessing the same object. I did not think that would be possible with my code, but I pushed everything into one thread to test it anyway. No difference.

Has anybody seen anything like this before? Does anyone know what it means? The best I can figure is that the encrypted packet I send is of the wrong version. I would think the handshaking would sort that out so perhaps the problem is there.

Both client and server are using the same CipherSuite, Protocols, and sizes for Application- and PacketBuffer sizes match as verified by the various SSLEngine.gets.

I am not sure what code to post, or even it any would help. Mostly I am confused by the exception and what can cause it.

Thanks for any help you can offer.
-shaler
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on May 6 2005
Added on Apr 7 2005
#cryptography
1 comment
1,859 views