Error when making SSL connection from Java client to .NET server

6
votes

I am in the process of learning SSL and in this process I am attempting to create an SSL connection between a .NET server with a Java client. I use a self signed certificate for this purpose. I don't want to use the standard keystore in Java so I create a custom keystore and load that instead.

I use the following steps to generate the certificate and the pfx file to use at the .NET server end.

  1. Generated a cerficiate using the following command on windows.

    makecert -r -pe -sr "localhost" -$ individual -n "CN=localhost" -sv .pvk -r localhost.cer

  2. Converted this to a .pfx so that I can load this certificate on the .NET server app.

  3. Exported the .cer file as a .pem (Base64 format).

  4. Took the .cer file (the public component of the above mentioned certificate) and created a .jks file (JavaKeyStore) to use as the java client using the following command.

    keytool \ -import \ -v \ -trustcacerts \ -alias 0 \ -file <(openssl x509 -in localhost.pem) \ -keystore mystore.jks\ -storetype JKS\ -storepass ez24get

  5. Loaded this .jks in the Java client app and initiated the connection with the following code

    FileInputStream fis = new FileInputStream("res/myjksstore.jks");
KeyStore trusted = KeyStore.getInstance("JKS");
trusted.load(fis, "ez24get".toCharArray());           

TrustManagerFactory trustManagerFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
trustManagerFactory.init(trusted);

SSLContext context = SSLContext.getInstance("SSL");
context.init(null, trustManagerFactory.getTrustManagers(), new SecureRandom());

Socket socket = context.getSocketFactory().createSocket("localhost", 443);

String str = "abc123";

socket.getOutputStream().write(GeneralUtil.toByta(str.length()));
socket.getOutputStream().write(str.getBytes());

socket.setKeepAlive(true);

But when I try to write data to the socket, I get the following error at the server end

System.ComponentModel.Win32Exception: The client and server cannot communicate, because they do not possess a common algorithm

My server code looks as follows...

X509Certificate cert = new X509Certificate("localhost.pfx", "abc123");

TcpListener listener = new TcpListener(IPAddress.Loopback, 443); listener.Start();

while (true) {

try { TcpClient tcpClient = listener.AcceptTcpClient();

  NetworkStream networkStream = tcpClient.GetStream();

  SslStream sslStream = new SslStream(networkStream);

  sslStream.AuthenticateAsServer(cert, false, SslProtocols.Default,

false);

  byte[] data1 = new byte[4];

  sslStream.Read(data1, 0, data1.Length);

  int len = BitConverter.ToInt32(data1, 0);

  String message = "Length of incoming data " +

BitConverter.ToInt32(data1, 0);

  byte[] data2 = new byte[len];

  sslStream.Read(data2, 0, data2.Length);

  message += "   Message: " + ASCIIEncoding.ASCII.GetString(data2);

  Thread.Sleep(1000);

} catch (Exception ex)
{
} }

The exception occurs at the line

sslStream.AuthenticateAsServer(cert, false, SslProtocols.Default, false);

What could be the reason for this and how can I fix it ?

Any help would be highly appreciated.

1
java.netsslx509certificateself-signed
Try to connect to your server with openssl and check avaliable ciphersuites. openssl s_client -connect localhost:443 -CAfile <path to cert.pem> Post please output of this command.user1516873
Did you successfully connect using the standard keystore with some variant of this code, or is this your first shot at the SSL connect?TheBlastOne
Nope.. I didn't pursue this much further because I had to let go of SSL Streams due to performance related reasons. I just implemented an RSA handshake to share a session key and then used AES encryption to handle the transport. Similar to what SSL does.Heshan Perera

1 Answers

-1
votes

SSLEngine (obtained from SSLContext) must be set to client mode (setUseClientMode)