All geek questions in one place

Using SSL Connection with Akka - Cannot Configure

I am currently studying the settings of a client / server application that uses Akka remote participants to communicate. As part of this installation, I would like to enable the built-in ssl mode, which is supported through netty.

However, I'm not quite sure how to set the parameters exactly, even if I tried several different combinations.

I used http://doc.akka.io/docs/akka/2.2.0/java/remoting.html for help on various parameters.

Regarding the creation of the keystore and trust, I used the guide at this link: http://www.ibm.com/developerworks/library/j-customssl/sidebar.html

The corresponding part of my configuration looks like this on the client:

remote { enabled-transports = ["akka.remote.netty.ssl"] netty.ssl { host = "" port = 0 enable-ssl = true } netty.ssl.security { key-store = "ServiceTesterClientKeys" trust-store = "clientTrust" key-store-password = "XX" key-password = "XX" trust-store-password = "YY" protocol = "TLSv1" random-number-generator = "AES128CounterSecureRNG" enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA] } }

and so on on the server:

 remote { enabled-transports = ["akka.remote.netty.ssl"] netty.ssl { hostname = "" port = 2562 enable-ssl = true } netty.ssl.security { key-store = "serverKeys" trust-store = "serverTrust" key-store-password = "YY" key-password = "YY" trust-store-password = "XX" protocol = "TLSv1" random-number-generator = "AES128CounterSecureRNG" enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA] } }

Do I need to add properties or can Akka find it as long as it is on the class path?

 -Djavax.net.ssl.keyStore=A -Djavax.net.ssl.trustStore=B

At runtime, I get a long stack, but at the beginning it says:

[MySystem-akka.actor.default-dispatcher-11] ERROR akka.remote.EndpointWriter - AssociationError [akka.ssl.tcp: // MySystem@10.195.20.11 : 10693] → [akka.ssl.tcp: // MyServerSystem @localhost : 2562]: Error [Association error with [akka.ssl.tcp: // MyServerSystem @localhost: 2562]] [akka.remote.EndpointAssociationException: association failed with [akka.ssl.tcp: // MyServerSystem @localhost: 2562]

Calls: akka.remote.transport.netty.NettyTransport $$ anonfun $ associate $ 1 $$ anon $ 2: Failed to initialize the pipeline.

Raised: akka.remote.RemoteTransportException: SSL connection cannot be established because the SSL context cannot be constructed.

Help would be greatly appreciated. Regards, Stefan

+4
source share
1 answer

Ok, I reviewed the question.

The problem is with the random-number-generator = "AES128CounterSecureRNG" property. Instead, I decided to use the default implementation.

I think I will need to add a provider if I want to use this implementation.

For those who were grateful for your time.

+3
source

Source: https://habr.com/ru/post/1497934/

More articles:


All Articles