[Jradius] JRadius Simulator and radsecproxy (TLS)
JB
list.coovachilli at me.com
Tue Jun 4 08:21:14 UTC 2013
Yes, it is.
Sorry, I should've sent this patch.
> Glad to hear it...
>
> Is this more or less what you have done? :
>
> public class RadSecClientTransport extends RadiusClientTransport
> {
> - private Socket socket;
> - private Socket socketAcct;
> + private SSLSocket socket;
> + private SSLSocket socketAcct;
> private KeyManager keyManagers[];
> private TrustManager trustManagers[];
>
> @@ -71,19 +72,21 @@
> {
> try
> {
> - SSLContext sslContext = SSLContext.getInstance("SSLv3");
> + SSLContext sslContext = SSLContext.getInstance("TLSv1");
> sslContext.init(keyManagers, trustManagers, null);
>
> SSLSocketFactory socketFactory =
> sslContext.getSocketFactory();
> - socket = socketFactory.createSocket(getRemoteInetAddress(),
> getAuthPort());
> + socket = (SSLSocket)
> socketFactory.createSocket(getRemoteInetAddress(), getAuthPort());
> socket.setReuseAddress(true);
> socket.setSoTimeout(getSocketTimeout() * 1000);
> + socket.setEnabledProtocols(new String[] { "TLSv1" });
>
> if (getAcctPort() != getAuthPort())
> {
> - socketAcct =
> socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
> + socketAcct = (SSLSocket)
> socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
> socketAcct.setReuseAddress(true);
> socketAcct.setSoTimeout(getSocketTimeout() * 1000);
> + socketAcct.setEnabledProtocols(new String[] { "TLSv1" });
> }
> }
> catch (Exception e)
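Review bot: the two setEnabledProtocols(new String[] { "TLSv1" }) calls pin the client to exactly one protocol version, so it can never negotiate anything newer even where both the JVM and radsecproxy support it, and the same literal is now repeated next to SSLContext.getInstance("TLSv1"). Consider building the list from getSupportedProtocols() with the SSL entries filtered out, or reading it from configuration. The create, cast, setReuseAddress, setSoTimeout, setEnabledProtocols sequence appears once for the auth socket and once for socketAcct and could move into one helper. Because createSocket(getRemoteInetAddress(), ...) returns an already connected socket, setEnabledProtocols has to stay ahead of the first read or write, as it does here, so that it applies to the handshake.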
>
>
>
> On Mon, 2013-06-03 at 21:21 +0200, JB wrote:
>> I think I got it!
>>
>> Apparently, SSLContext.getInstance("TLSv1") isn't a broad enough hint for the SSLSocketFactory which protocol the socket should apply.
>> I had to explicitly enable the "TLSv1" protocol via socket.setEnabledProtocols().
>> For this to work, socket and socketAcct have to be instances of SSLSocket.
>>
>> Cheers,
>> JB
>>
>>
>>> I will give it a look...
>>>
>>>
>>>
>>> On Mon, 2013-06-03 at 12:40 +0200, JB wrote:
>>>> Okay, I've spent the whole morning installing a Java development environment and missing libraries (I thought Maven should take care of that?).
>>>> Now, I can successfully build the client with the change you proposed.
>>>> Unfortunately, I'm still getting the same error ("SSL3_GET_RECORD:wrong version number") from radsecproxy when I make a request.
>>>>
>>>> Am I missing something?
>>>>
>>>> Thanks!
>>>> JB
>>>>
>>>>> Yes, RadSecClientTransport.initialize(), change
>>>>> SSLContext.getInstance("SSLv3") to SSLContext.getInstance("TLSv1")
>>>>>
>>>>> Cheers,
>>>>> David
>>>>>
>>>>> On Fri, 2013-05-31 at 20:47 +0200, JB wrote:
>>>>>> Hi!
>>>>>>
>>>>>> I wanted to use the JRadius Simulator to test my radsecproxy configuration.
>>>>>> Unfortunately, I'm getting an "SSL3_GET_RECORD:wrong version number" error from radsecproxy.
>>>>>>
>>>>>> I found an old thread over on the CoovaChilli mailing list which addresses the very same issue:
>>>>>> http://lists.coova.org/pipermail/chilli/2010-June/001430.html
>>>>>>
>>>>>> Could this also be a solution for JRadiusSimulator or is this a different issue?
>>>>>>
>>>>>> Thanks!
>>>>>>
>>>>>> JB
>>>>
>>>
>>>
>>
>
> --
> --
> David Bird
> http://www.linkedin.com/in/dwbird/
>
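An added example, not part of the thread or of the JRadius sources: it shows the difference JB describes between the protocol named in SSLContext.getInstance() and the protocols a socket actually has enabled, and goes one step beyond the thread by enabling every TLS version the JVM supports instead of only "TLSv1". The class name RadSecProtocolCheck, the ALLOWED list and the restrict() helper are hypothetical names chosen for this example. The socket is created unconnected, so nothing is sent on the network.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

public class RadSecProtocolCheck {
    // Hypothetical allow-list for this example. SSLv3 and SSLv2Hello are
    // deliberately absent, so they can never end up enabled.
    static final List<String> ALLOWED =
            Arrays.asList("TLSv1.3", "TLSv1.2", "TLSv1.1", "TLSv1");

    // Keep only the allow-listed protocols that this JVM's socket supports.
    static String[] restrict(String[] supported) {
        List<String> have = Arrays.asList(supported);
        List<String> keep = new ArrayList<String>();
        for (String p : ALLOWED) {
            if (have.contains(p)) {
                keep.add(p);
            }
        }
        if (keep.isEmpty()) {
            throw new IllegalStateException("no TLS protocol supported by this JVM");
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        ctx.init(null, null, null); // default key/trust managers, demo only

        // Unconnected socket: we only inspect and change its settings.
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket();
        try {
            System.out.println("supported:          "
                    + Arrays.toString(s.getSupportedProtocols()));
            System.out.println("enabled by default: "
                    + Arrays.toString(s.getEnabledProtocols()));
            s.setEnabledProtocols(restrict(s.getSupportedProtocols()));
            System.out.println("enabled after fix:  "
                    + Arrays.toString(s.getEnabledProtocols()));
        } finally {
            s.close();
        }
    }
}
```

The "enabled by default" line depends on the JVM version and its security properties, which is why the list is set explicitly on the socket rather than inferred from the context name.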