Xmpp connection using SSLSocketFactory

Priyadarshani_Pandey · January 9, 2015, 11:45am

I am using smack library to make SSL connection to openfire.

I need to use TLSv1.2 protocol for which I wrote a class which extends SSLSocketFactory. I then set this to the connectionConfiguration.

In the extended class I set the required protocol on the SSLSocket.

I noticed that the socket gets created as 15ad899[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=5222,localport=56048]] & the connection fails saying ‘javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?’. What do I need to do in the extended class to make ssl connection successful

Error snippet for reference:

*** ClientHello, TLSv1.2

RandomCookie: GMT: 1403960893 bytes = { 242, 146, 203, 195, 56, 230, 121, 164, 235, 72, 116, 218, 115, 188, 89, 16, 22, 36, 202, 136, 175, 232, 199, 10, 86, 214, 182, 79 }

Session ID: {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256]

Compression Methods: { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA

Extension renegotiation_info, renegotiated_connection:

[write] MD5 and SHA1 hashes: len = 146

0000: 01 00 00 8E 03 03 54 AF BE 3D F2 92 CB C3 38 E6 …T…=…8.

0010: 79 A4 EB 48 74 DA 73 BC 59 10 16 24 CA 88 AF E8 y…Ht.s.Y…$…

0020: C7 0A 56 D6 B6 4F 00 00 04 C0 23 00 3C 01 00 00 …V…O…#.<…

0030: 61 00 0A 00 34 00 32 00 17 00 01 00 03 00 13 00 a…4.2…

0040: 15 00 06 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 …

0050: 19 00 0D 00 0E 00 0F 00 10 00 11 00 02 00 12 00 …

0060: 04 00 05 00 14 00 08 00 16 00 0B 00 02 01 00 00 …

0070: 0D 00 1A 00 18 06 03 06 01 05 03 05 01 04 03 04 …

0080: 01 03 03 03 01 02 03 02 01 02 02 01 01 FF 01 00 …

0090: 01 00 …

Smack Packet Reader (0), WRITE: TLSv1.2 Handshake, length = 146

[Raw write]: length = 151

0000: 16 03 03 00 92 01 00 00 8E 03 03 54 AF BE 3D F2 …T…=.

0010: 92 CB C3 38 E6 79 A4 EB 48 74 DA 73 BC 59 10 16 …8.y…Ht.s.Y…

0020: 24 CA 88 AF E8 C7 0A 56 D6 B6 4F 00 00 04 C0 23 $…V…O…#

0030: 00 3C 01 00 00 61 00 0A 00 34 00 32 00 17 00 01 .<…a…4.2…

0040: 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 18 …

0050: 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 11 …

0060: 00 02 00 12 00 04 00 05 00 14 00 08 00 16 00 0B …

0070: 00 02 01 00 00 0D 00 1A 00 18 06 03 06 01 05 03 …

0080: 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 02 …

0090: 01 01 FF 01 00 01 00 …

[Raw read]: length = 5

0000: 3C 73 74 72 65 <stre

Smack Packet Reader (0), handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Smack Packet Reader (0), SEND TLSv1 ALERT: fatal, description = unexpected_message

Smack Packet Reader (0), WRITE: TLSv1 Alert, length = 2

[Raw write]: length = 7

0000: 15 03 01 00 02 02 0A …

Smack Packet Reader (0), called closeSocket()

Smack Packet Writer (0), handling exception: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

Smack Packet Reader (0), called close()

Smack Packet Reader (0), called closeInternal(true)

Smack Packet Reader (0), called close()

Smack Packet Reader (0), called closeInternal(true)

Smack Packet Reader (0), called close()

Smack Packet Reader (0), called closeInternal(true)

Smack Packet Reader (0), called close()

Smack Packet Reader (0), called closeInternal(true)

javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?

at sun.security.ssl.InputRecord.handleUnknownRecord(InputRecord.java:541)

at sun.security.ssl.InputRecord.read(InputRecord.java:374)

at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)

at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1328)

at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)

at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)

at sun.nio.cs.StreamDecoder.readBytes(StreamDecoder.java:283)

at sun.nio.cs.StreamDecoder.implRead(StreamDecoder.java:325)

at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:177)

at java.io.InputStreamReader.read(InputStreamReader.java:184)

at java.io.BufferedReader.read1(BufferedReader.java:203)

at java.io.BufferedReader.read(BufferedReader.java:279)

at org.xmlpull.mxp1.MXParser.fillBuf(MXParser.java:2992)

at org.xmlpull.mxp1.MXParser.more(MXParser.java:3046)

at org.xmlpull.mxp1.MXParser.parseProlog(MXParser.java:1410)

at org.xmlpull.mxp1.MXParser.nextImpl(MXParser.java:1395)

at org.xmlpull.mxp1.MXParser.next(MXParser.java:1093)

at org.jivesoftware.smack.PacketReader.parsePackets(PacketReader.java:279)

at org.jivesoftware.smack.PacketReader.access$000(PacketReader.java:44)

at org.jivesoftware.smack.PacketReader$1.run(PacketReader.java:70)

Flow · January 9, 2015, 2:17pm

It’s hard to help you if you don’t post the relevant code.

BTW you don’t need always to extend SSLSocketFactory for TLSv1.2. Sometimes it sufficient to set the right custom SSLContext.

Priyadarshani_Pandey · January 9, 2015, 4:59pm

Do you have an example of custom SSLContext .I had tried my code with custom SSLContext as well.

I need to set

cipher suite=TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256

TLS version=TLSv1.2.

Flow · January 9, 2015, 6:18pm

You don’t even need an custom SSLContext

https://www.igniterealtime.org/builds/smack/dailybuilds/javadoc/org/jivesoftware /smack/ConnectionConfiguration.Builder.h…