Thread: [Beepcore-java-users] TLS

Hi,
=20
I have a few questions about the use of the TLSProfile:
*    Firstly what is the advantages of JSSE over PTLS and vica versa?
*    Do I need to use the startChannel method inherited from the =
tunningProfile or can I just use the session object?
*    I have a situation where a session is established, and then the =
listener starts the TLS (without authentication). I assume that by =
setting up a handshakeCompleteListener I can find out when the TLS is =
started. If the client now tries to send a message then an error occurs:
         SEVERE: javax.net.ssl.SSLException: Recieved fatal alert: =
unexpected_message
It looks like this is caused due to the session object needs updating. =
By sending a message from the listener (started TLS) and then using the =
session object from the message (message.getChannel().gatSession()) I =
can avoid the problem. Is there another way of getting the current =
session object?
*    How do I go about setting the TLS up for authentication where can I =
create a private-public key pair, etc.
=20
I am in the process of implementing XML-RPC over beep, if anyone is =
intrested in this let me know.
=20
Thanks
Sean

> I have a few questions about the use of the TLSProfile:
> *    Firstly what is the advantages of JSSE over PTLS and vica versa?

The reason for the PTLS TLSProfile was because of a bug in theJSSE library
that wouldn't allow client authentication when starting TLS (instead of
SSL).

> *    Do I need to use the startChannel method inherited from the
tunningProfile or can I just > use the session object?

Can you provide more information? I don't understand the question.

> *    I have a situation where a session is established, and then the
listener starts the TLS
> (without authentication). I assume that by setting up a
handshakeCompleteListener I can find
> out when the TLS is started. If the client now tries to send a message
then an error occurs:
>         SEVERE: javax.net.ssl.SSLException: Recieved fatal alert:
unexpected_message
> It looks like this is caused due to the session object needs updating. By
sending a message
> from the listener (started TLS) and then using the session object from the
message
> (message.getChannel().gatSession()) I can avoid the problem. Is there
another way of
> getting the current session object?

Not currently but this could be fixed without too much trouble.

> *    How do I go about setting the TLS up for authentication where can I
create a
> private-public key pair, etc.

It depends on which TLSProfile you use. Both of them are configured with the
init() method but they have different configuration options. JSSE uses the
Keystore and PTLS uses PEM files.

> I am in the process of implementing XML-RPC over beep, if anyone is
intrested in this let
> me know.

Very cool, will it be an open source release?

--Huston

Huston wrote:
>>I have a few questions about the use of the TLSProfile:
>>*    Firstly what is the advantages of JSSE over PTLS and vica versa?
> 
> 
> The reason for the PTLS TLSProfile was because of a bug in theJSSE library
> that wouldn't allow client authentication when starting TLS (instead of
> SSL).

I don't believe this true any more.  I don't seem to be having this 
problem with the JSSE stuff that comes with JDK 1.4.

-andy

> Huston wrote:
> >>I have a few questions about the use of the TLSProfile:
> >>*    Firstly what is the advantages of JSSE over PTLS and vica versa?
> >
> >
> > The reason for the PTLS TLSProfile was because of a bug in theJSSE
library
> > that wouldn't allow client authentication when starting TLS (instead of
> > SSL).
>
> I don't believe this true any more.  I don't seem to be having this
> problem with the JSSE stuff that comes with JDK 1.4.

Great! Thanks for the info.

--Huston

On Wed, Dec 11, 2002 at 01:33:14PM +0200, De Kock SJ <136...@su...> wrote:
> Hi,
>  
> I have a few questions about the use of the TLSProfile:
> *    Firstly what is the advantages of JSSE over PTLS and vica versa?

Probably the greatest one would be interoperability with other BEEP 
implementations.  Also I suspect you have more visibility into the
TLS stuff withing the BEEP context/framework as it may set tuning
information based on the TLS negotiation rather than the JSSE which
is external.

> *    Do I need to use the startChannel method inherited from the tunningProfile or can I just use the session object?
> *    I have a situation where a session is established, and then the listener starts the TLS (without authentication). I assume that by setting up a handshakeCompleteListener I can find out when the TLS is started. If the client now tries to send a message then an error occurs:
>          SEVERE: javax.net.ssl.SSLException: Recieved fatal alert: unexpected_message
> It looks like this is caused due to the session object needs updating. By sending a message from the listener (started TLS) and then using the session object from the message (message.getChannel().gatSession()) I can avoid the problem. Is there another way of getting the current session object?
> *    How do I go about setting the TLS up for authentication where can I create a private-public key pair, etc.
>  
> I am in the process of implementing XML-RPC over beep, if anyone is intrested in this let me know.

Did you take a look at the SOAP over BEEP proposal that Marshall did?  Would
this do what you need?  I don't know if it's been implemented anywhere though.

-bill


>  
> Thanks
> Sean
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:
> With Great Power, Comes Great Responsibility 
> Learn to use your power at OSDN's High Performance Computing Channel
> http://hpc.devchannel.org/
> _______________________________________________
> Beepcore-java-users mailing list
> Bee...@li...
> https://lists.sourceforge.net/lists/listinfo/beepcore-java-users