[Jradius] JRadius Simulator and radsecproxy (TLS)

JB list.coovachilli at me.com
Tue Jun 4 08:21:14 UTC 2013


Yes, it is.
Sorry, I should've sent this patch.


> Glad to hear it...
> 
> Is this more or less what you have done? :
> 
> public class RadSecClientTransport extends RadiusClientTransport
> {
> -	private Socket socket;
> -	private Socket socketAcct;
> +	private SSLSocket socket;
> +	private SSLSocket socketAcct;
> 	private KeyManager keyManagers[];
> 	private TrustManager trustManagers[];
> 	
> @@ -71,19 +72,21 @@
> 	{
> 		try
> 		{
> -	        SSLContext sslContext = SSLContext.getInstance("SSLv3");
> +	        SSLContext sslContext = SSLContext.getInstance("TLSv1");
> 	        sslContext.init(keyManagers, trustManagers, null);
> 	        
> 	        SSLSocketFactory socketFactory =
> sslContext.getSocketFactory();
> -	        socket = socketFactory.createSocket(getRemoteInetAddress(),
> getAuthPort());
> +	        socket = (SSLSocket)
> socketFactory.createSocket(getRemoteInetAddress(), getAuthPort());
> 	        socket.setReuseAddress(true);
> 	        socket.setSoTimeout(getSocketTimeout() * 1000);
> +	        socket.setEnabledProtocols(new String[] { "TLSv1" });
> 	        
> 	        if (getAcctPort() != getAuthPort())
> 	        {
> -		        socketAcct =
> socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
> +		        socketAcct = (SSLSocket)
> socketFactory.createSocket(getRemoteInetAddress(), getAcctPort());
> 		        socketAcct.setReuseAddress(true);
> 		        socketAcct.setSoTimeout(getSocketTimeout() * 1000);
> +		        socketAcct.setEnabledProtocols(new String[] { "TLSv1" });
> 	        }
> 		} 
> 		catch (Exception e)
> 
> 
> 
> On Mon, 2013-06-03 at 21:21 +0200, JB wrote:
>> I think, I got it!
>> 
>> Apparently, SSLContext.getInstance("TLSv1") isn't a broad enough hint for the SSLSocketFactory which protocol the socket should apply.
>> I had to explicitly enable the "TLSv1" protocol via socket.setEnabledProtocols() .
>> For this to work, socket and socketAcct have to be instances of SSLSocket.
>> 
>> Cheers,
>> JB
>> 
>> 
>>> I will give it a look...
>>> 
>>> 
>>> 
>>> On Mon, 2013-06-03 at 12:40 +0200, JB wrote:
>>>> Okay, I've spent the whole morning installing a Java development environment and missing libraries (I thought Maven should take care of that?).
>>>> Now, I can successfully build the client with the change you proposed.
>>>> Unfortunately, I'm still getting the same error ("SSL3_GET_RECORD:wrong version number") from radsecproxy when I make a request.
>>>> 
>>>> Am I missing something?
>>>> 
>>>> Thanks!
>>>> JB
>>>> 
>>>>> Yes, RadSecClientTransport.initialize(), change
>>>>> SSLContext.getInstance("SSLv3") to SSLContext.getInstance("TLSv1")
>>>>> 
>>>>> Cheers,
>>>>> David
>>>>> 
>>>>> On Fri, 2013-05-31 at 20:47 +0200, JB wrote:
>>>>>> Hi!
>>>>>> 
>>>>>> I wanted to use the JRadius Simulator to test my radsecproxy configuration.
>>>>>> Unfortunately, I'm getting an "SSL3_GET_RECORD:wrong version number" error from radsecproxy.
>>>>>> 
>>>>>> I found an old thread over on the CoovaChilli mailing list which addresses the very same issue:
>>>>>> http://lists.coova.org/pipermail/chilli/2010-June/001430.html
>>>>>> 
>>>>>> Could this also be a solution for JRadiusSimulator or is this a different issue?
>>>>>> 
>>>>>> Thanks!
>>>>>> 
>>>>>> JB
>>>> 
>>> 
>>> 
>> 
>> _______________________________________________
>> Jradius mailing list
>> Jradius at coova.org
>> http://lists.coova.org/cgi-bin/mailman/listinfo/jradius
> 
> -- 
> --
> David Bird
> http://www.linkedin.com/in/dwbird/
> 



More information about the Jradius mailing list