[Jradius] JRadius Simulator and radsecproxy (TLS)
David Bird
dwbird at mac.com
Mon Jun 3 19:41:48 UTC 2013
Glad to hear it...
Is this more or less what you have done?
public class RadSecClientTransport extends RadiusClientTransport
{
- private Socket socket;
- private Socket socketAcct;
+ private SSLSocket socket;
+ private SSLSocket socketAcct;
private KeyManager keyManagers[];
private TrustManager trustManagers[];
@@ -71,19 +72,21 @@
{
try
{
- SSLContext sslContext = SSLContext.getInstance("SSLv3");
+ SSLContext sslContext = SSLContext.getInstance("TLSv1");
sslContext.init(keyManagers, trustManagers, null);
SSLSocketFactory socketFactory =
sslContext.getSocketFactory();
- socket = socketFactory.createSocket(getRemoteInetAddress(),
getAuthPort());
+ socket = (SSLSocket)
socketFactory.createSocket(getRemoteInetAddress(), getAuthPort());
socket.setReuseAddress(true);
socket.setSoTimeout(getSocketTimeout() * 1000);
+ socket.setEnabledProtocols(new String[] { "TLSv1" });
if (getAcctPort() != getAuthPort())
{
- socketAcct =
socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
+ socketAcct = (SSLSocket)
socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
socketAcct.setReuseAddress(true);
socketAcct.setSoTimeout(getSocketTimeout() * 1000);
+ socketAcct.setEnabledProtocols(new String[] { "TLSv1" });
}
}
catch (Exception e)
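Review bot: "TLSv1" is hardcoded three times in this hunk, in SSLContext.getInstance("TLSv1") and in both setEnabledProtocols(new String[] { "TLSv1" }) calls, which pins the client to TLS 1.0 and rules out negotiating TLS 1.1 or 1.2 with a peer that supports them. Consider taking the enabled protocol list from a single constant or a configuration setting, filtered against socket.getSupportedProtocols(), so the auth and accounting sockets stay in sync and newer versions can be enabled without another code change. Calling startHandshake() on each socket inside this try block would also make a version mismatch fail here, where the exception is caught, rather than on the first request.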
On Mon, 2013-06-03 at 21:21 +0200, JB wrote:
> I think I got it!
>
> Apparently, SSLContext.getInstance("TLSv1") isn't a broad enough hint for the SSLSocketFactory which protocol the socket should apply.
> I had to explicitly enable the "TLSv1" protocol via socket.setEnabledProtocols().
> For this to work, socket and socketAcct have to be instances of SSLSocket.
>
> Cheers,
> JB
>
>
> > I will give it a look...
> >
> >
> >
> > On Mon, 2013-06-03 at 12:40 +0200, JB wrote:
> >> Okay, I've spent the whole morning installing a Java development environment and missing libraries (I thought Maven should take care of that?).
> >> Now, I can successfully build the client with the change you proposed.
> >> Unfortunately, I'm still getting the same error ("SSL3_GET_RECORD:wrong version number") from radsecproxy when I make a request.
> >>
> >> Am I missing something?
> >>
> >> Thanks!
> >> JB
> >>
> >>> Yes, RadSecClientTransport.initialize(), change
> >>> SSLContext.getInstance("SSLv3") to SSLContext.getInstance("TLSv1")
> >>>
> >>> Cheers,
> >>> David
> >>>
> >>> On Fri, 2013-05-31 at 20:47 +0200, JB wrote:
> >>>> Hi!
> >>>>
> >>>> I wanted to use the JRadius Simulator to test my radsecproxy configuration.
> >>>> Unfortunately, I'm getting an "SSL3_GET_RECORD:wrong version number" error from radsecproxy.
> >>>>
> >>>> I found an old thread over on the CoovaChilli mailing list which addresses the very same issue:
> >>>> http://lists.coova.org/pipermail/chilli/2010-June/001430.html
> >>>>
> >>>> Could this also be a solution for JRadiusSimulator or is this a different issue?
> >>>>
> >>>> Thanks!
> >>>>
> >>>> JB
> >>
> >
> >
>
--
David Bird
http://www.linkedin.com/in/dwbird/