[QFJ-294] "Initial Handshake failed" on ssl sessions with 1.3.1 Created: 01/Feb/08  Updated: 10/Jan/10  Resolved: 10/Jan/10

Status: Closed
Project: QuickFIX/J
Component/s: None
Affects Version/s: 1.3.1
Fix Version/s: Future Releases

Type: Bug Priority: Default
Reporter: Thomas Hügel Assignee: Unassigned
Resolution: Cannot Reproduce Votes: 0
Labels: None

Attachments: Zip Archive ssl.zip    

 Description   

Today I exchanged the quickfix/j library in my fixengine in our test environment with the 1.3.1 version(before 1.3.0).
There are many sessions configured in it; all non ssl sessions came up, but the one that has ssl configured doesn´t:

19:30:01,865 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50229
19:30:02,069 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.
19:30:31,954 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50231
19:30:32,040 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.
19:31:02,046 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50232
19:31:02,206 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.
19:31:02,207 | [SocketConnectorIoProcessor-3.0] | INFO fixengine.FIXApplication | Logout: FIX.4.4:DPBTST->TRADEWEBLDN:794 Fri Feb 01 19:31:02 CET 2008 on session 'tradeweb test'
19:31:32,125 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50234
19:31:32,191 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.
19:31:32,192 | [SocketConnectorIoProcessor-3.0] | INFO fixengine.FIXApplication | Logout: FIX.4.4:DPBTST->TRADEWEBLDN:794 Fri Feb 01 19:31:32 CET 2008 on session 'tradeweb test'
19:32:02,229 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50236
19:32:02,313 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.
19:32:32,337 | [SocketConnectorIoProcessor-3.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50237
19:32:32,432 | [SocketConnectorIoProcessor-3.0] | ERROR initiator.InitiatorIoHandler | socket exception (/62.189.50.234:17001): Initial SSL handshake failed.

I switched back to the old library (1.3.0), restarted the fix engine and it works without any problems. the mina core and the ssl-filters havent changed, so it must be something in the quickfix/j core code.
19:35:01,308 | [SocketConnectorIoProcessor-2.0] | INFO initiator.InitiatorIoHandler | MINA session created: /10.252.212.72:50260
19:35:02,484 | [QFJ Message Processor] | INFO fixengine.FIXApplication | Logon: FIX.4.4:DPBTST->TRADEWEBLDN:794 Fri Feb 01 19:35:02 CET 2008 on session 'tradeweb test'

Configuration of the session:
********************************
[DEFAULT]
AutoStart=Y
Description=tradeweb test
ConnectionType=initiator
BeginString=FIX.4.4
UseDataDictionary=Y
FileStorePath=/home/jetty/fixengine/sessionpersistence
FileLogPath=/home/jetty/fixengine/log

[SESSION]
SenderCompID=xxxx
TargetCompID=xxxxx
SessionQualifier=794
StartTime=09:00:00
EndTime=20:30:00
SocketConnectHost=x.x.x.x
SocketConnectPort=17001
HeartBtInt=30
ReconnectInterval=30
TimeZone=Europe/Berlin
SendResetSeqNumFlag=N
DataDictionary=/home/jetty/fixengine/datadicts/initiator1178126847640_datadic.xml
SocketUseSSL=Y
SocketKeyStore=/home/jetty/fixengine/keystores/initiator1178126847640/keystore.ks
SocketKeyStorePassword=password
ResetOnLogout=N
************************************

Regards
Thomas

 Comments   
Comment by Steve Bate [ 02/Feb/08 ]

Not much has changed in this part of the code. The only thing I'm seeing so far that might result in this type of error is a modified strategy for loading the keystore files. It should be backwards compatible. Do you see a warning with the text "keystore not found, using empty keystore" in your application log files? If so, that would indicate there is a file loading problem.

Comment by Thomas Hügel [ 04/Feb/08 ]

i tested again and i did not found any "keystore not found warnings". But the ssl functionality remains still broken. Switching back to 1.3.0 fixed all problems.

Comment by Steve Bate [ 04/Feb/08 ]

Very mysterious. The SecureSocketTest is passing so it's working to some extent.

Can you turn on SSL debugging to see if it gives any more useful information?

http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#Debug

In the meantime, I'll do some experimentation and see if I can reproduce the problem in more complex scenarios than the one being tested in SecureSocketTest.

Steve

Comment by Thomas Hügel [ 07/Aug/08 ]

Steve,

i tested on 1.3.2, but the SSL functionality is still broken. Have to stay at 1.3.0 .

Thomas

Comment by Steve Bate [ 08/Aug/08 ]

Thanks for the report. I'd like to fix this issue but I've never been able to reproduce it. The test of the secure communications has continued to pass and I'm not sure what's different about what you're doing and what the test is doing. If you are able to create a variant of the secure socket unit test that fails it would greatly help me to diagnose and fix the problem.

Generated at Fri May 10 11:32:44 UTC 2024 using JIRA 7.5.2#75007-sha1:9f5725bb824792b3230a5d8716f0c13e296a3cae.