JavaEE - EJB over SSL works only if client and server are at the same host

Submitted by 你。 on 2019-12-13 19:02:14

Question


Please help me. I can do nothing with it. I have gf 4.0.1 and a Swing client. I want to get EJB over SSL. I've set all certificates. However, I can get it to work only when the client and server are on the same host. What I see in tcpdump when they are on the same host:

........ 
10.0.17.2.48524 > 10.0.17.2.3820: Flags [P.], cksum 0x378f (incorrect -> 0xf2b6), seq 399:756, ack 1085, win 273, options [nop,nop,TS val 347297976 ecr 347297966], length 357
13:01:26.334898 IP (tos 0x0, ttl 64, id 51559, offset 0, flags [DF], proto TCP (6), length 665)
    10.0.17.2.3820 > 10.0.17.2.48524: Flags [P.], cksum 0x388f (incorrect -> 0x626d), seq 1085:1698, ack 756, win 273, options [nop,nop,TS val 347297977 ecr 347297976], length 613
13:01:26.374075 IP (tos 0x0, ttl 64, id 39617, offset 0, flags [DF], proto TCP (6), length 52)
    10.0.17.2.48524 > 10.0.17.2.3820: Flags [.], cksum 0x9282 (correct), seq 756, ack 1698, win 289, options [nop,nop,TS val 347298017 ecr 347297977], length 0
13:01:26.375662 IP (tos 0x0, ttl 64, id 15848, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.42403 > 127.0.0.1.3820: Flags [S], cksum 0x7255 (correct), seq 2517132554, win 32792, options [mss 16396,sackOK,TS val 347298018 ecr 0,nop,wscale 7], length 0
13:01:26.375678 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    127.0.0.1.3820 > 127.0.0.1.42403: Flags [S.], cksum 0x21e9 (correct), seq 2013817557, ack 2517132555, win 32768, options [mss 16396,sackOK,TS val 347298018 ecr 347298018,nop,wscale 7], length 0
........

That is, it starts working from one IP and port, but at some point it changes the IP to 127.0.0.1 and a new connection is established: 10.0.17.2.3820 > 10.0.17.2.48524 (client port 48524) and then 127.0.0.1.3820 > 127.0.0.1.42403 (client port 42403).

When the client and server are on different hosts, I don't get any exception, but the client hangs. In the server log I have:

[2014-06-09T13:09:07.367+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=139 _ThreadName=Thread-8] [timeMillis: 1402304947367] [levelValue: 800] [[
  p: thread-pool-1; w: 1, WRITE: TLSv1 Handshake, length = 48]]
[2014-06-09T13:09:07.367+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=139 _ThreadName=Thread-8] [timeMillis: 1402304947367] [levelValue: 800] [[
  %% Cached server session: [Session-15, TLS_RSA_WITH_AES_256_CBC_SHA]]]
[2014-06-09T13:09:07.404+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=139 _ThreadName=Thread-8] [timeMillis: 1402304947404] [levelValue: 800] [[
  p: thread-pool-1; w: 1, READ: TLSv1 Application Data, length = 352]]
[2014-06-09T13:09:07.408+0400] [glassfish 4.0] [INFO] [] [] [tid: _ThreadID=139 _ThreadName=Thread-8] [timeMillis: 1402304947408] [levelValue: 800] [[
  p: thread-pool-1; w: 1, WRITE: TLSv1 Application Data, length = 608]]

And on the client I endlessly get the following message (with different cipher suites):

.......
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_RC4_128_SHA
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
.......

How can it be fixed? The full client log is here: http://centr-kav.org/temp.txt


Answer 1:


I found the answer. I hope that it will be useful for someone. The problem was that the server redirected the client to 127.0.0.1. The reason was that

InetAddress.getLocalHost()

returned 127.0.0.1 on my Linux machine. The reason was that I didn't set /etc/hosts. And that's why

hostname -i

returned 127.0.0.1

After editing /etc/hosts it's not necessary to restart the server, only to restart GlassFish. Also, in domain.xml I added:

<jvm-options>-Dcom.sun.CORBA.ORBServerHost=x.x.x.x</jvm-options>

Also see https://java.net/jira/browse/GLASSFISH-4051
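
A preflight check for the cause found in the answer above, as an added example that is not part of the original post: it reads a hosts(5) file and reports whether the machine's own host name maps to a loopback address there, which is what `hostname -i` showed before the fix. The function names, the `--live` switch and the host name `appsrv` are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the original post): detect a host name that the
# hosts file maps to loopback, so the server would advertise 127.0.0.1
# to remote clients.

# hosts_addrs_for NAME FILE
# Print every address that FILE (hosts(5) format) maps NAME to, one per line.
hosts_addrs_for() {
    awk -v name="$1" '
        { sub(/#.*/, "") }              # drop comments
        NF < 2 { next }                 # skip blank or address-only lines
        { for (i = 2; i <= NF; i++)     # field 1 is the address, the rest are names
              if (tolower($i) == tolower(name)) { print $1; break } }
    ' "$2"
}

# is_loopback ADDR: succeeds for 127.0.0.0/8 (covers 127.0.1.1) and ::1.
is_loopback() {
    case "$1" in
        127.*|::1) return 0 ;;
        *)         return 1 ;;
    esac
}

# check_hosts_mapping NAME FILE
# Prints one verdict:
#   loopback  - NAME maps to a loopback address (the failure in the answer)
#   unmapped  - NAME is not in FILE; resolution falls through to other sources
#   ok        - NAME maps only to non-loopback addresses
check_hosts_mapping() {
    chm_addrs=$(hosts_addrs_for "$1" "$2")
    if [ -z "$chm_addrs" ]; then echo unmapped; return 0; fi
    for chm_a in $chm_addrs; do
        if is_loopback "$chm_a"; then echo loopback; return 0; fi
    done
    echo ok
}

# Check the live system only when asked, e.g.: sh check_hosts.sh --live
# A constructed file with "127.0.1.1 appsrv" yields "loopback".
if [ "${1:-}" = "--live" ]; then
    check_hosts_mapping "$(hostname)" /etc/hosts
fi
```

Run it on the application server before starting GlassFish; a `loopback` or `unmapped` verdict means the host name still needs a routable entry in /etc/hosts.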



Source: https://stackoverflow.com/questions/24117040/javaee-ejb-over-ssl-works-only-if-client-and-server-are-at-the-same-host
