I spent a couple of days trying to track an intermittent error in the recently added Akka Transport Encryption.
NOTE. I experimented with setting setIssueHandshake (true) on either server or client, or both, but that doesn't help at all.
Our encryption specification tests several different ciphers from different sets to ensure that the settings we support really work. However, tests can sometimes run 10 times and then crash on every other test, it is really SecureRandomly failing ;-) Please note that the test does not work even on SHA1PRNG, so it is clearly not associated with additional ciphers, which we provide.
Code that creates SslHandler: https://github.com/akka/akka/blob/wip-ssl-unbroken-%E2%88%9A/akka-remote/src/main/scala/akka/remote/netty/NettySSLSupport .scala
Code that constructs the pipeline: https://github.com/akka/akka/blob/wip-ssl-unbroken-%E2%88%9A/akka-remote/src/main/scala/akka/remote/netty/NettyRemoteSupport .scala # L66
Tests: https://github.com/akka/akka/blob/wip-ssl-unbroken-%E2%88%9A/akka-remote/src/test/scala/akka/remote/Ticket1978CommunicationSpec.scala
Failsafe configuration (for which the above test does not cancel): https://github.com/akka/akka/blob/wip-ssl-unbroken-%E2%88%9A/akka-remote/src/main/resources/reference. conf
Key store and trust store for testing: https://github.com/akka/akka/tree/wip-ssl-unbroken-%E2%88%9A/akka-remote/src/test/resources
An exception to the root that fails is:
**java.security.InvalidKeyException: No installed provider supports this key: (null)** at javax.crypto.Cipher.a(DashoA13*..) at javax.crypto.Cipher.init(DashoA13*..) at javax.crypto.Cipher.init(DashoA13*..) at com.sun.net.ssl.internal.ssl.CipherBox.<init>(CipherBox.java:88) at com.sun.net.ssl.internal.ssl.CipherBox.newCipherBox(CipherBox.java:119) at com.sun.net.ssl.internal.ssl.CipherSuite$BulkCipher.newCipher(CipherSuite.java:369) at com.sun.net.ssl.internal.ssl.Handshaker.newReadCipher(Handshaker.java:410) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.changeReadCiphers(SSLEngineImpl.java:550) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1051) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607) at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:969) at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:670) at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:333) at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214) at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:91) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:373) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:247) at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:680)
And "full":
[ERROR] [06/20/2012 10:38:33.670] [remote-sys-4] [ActorSystem(remote-sys)] RemoteServerError@akka :// remote-sys@localhost :59104] Error[ javax.net.ssl.SSLException: Algorithm missing: at com.sun.net.ssl.internal.ssl.SSLEngineImpl.changeReadCiphers(SSLEngineImpl.java:554) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1051) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:721) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607) at org.jboss.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:969) at org.jboss.netty.handler.ssl.SslHandler.decode(SslHandler.java:670) at org.jboss.netty.handler.codec.frame.FrameDecoder.callDecode(FrameDecoder.java:333) at org.jboss.netty.handler.codec.frame.FrameDecoder.messageReceived(FrameDecoder.java:214) at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:268) at org.jboss.netty.channel.Channels.fireMessageReceived(Channels.java:255) at org.jboss.netty.channel.socket.nio.NioWorker.read(NioWorker.java:91) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.processSelectedKeys(AbstractNioWorker.java:373) at org.jboss.netty.channel.socket.nio.AbstractNioWorker.run(AbstractNioWorker.java:247) at org.jboss.netty.channel.socket.nio.NioWorker.run(NioWorker.java:35) at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908) at java.lang.Thread.run(Thread.java:680) Caused by: java.security.NoSuchAlgorithmException: Could not create cipher AES/128 at com.sun.net.ssl.internal.ssl.CipherBox.<init>(CipherBox.java:99) at com.sun.net.ssl.internal.ssl.CipherBox.newCipherBox(CipherBox.java:119) at com.sun.net.ssl.internal.ssl.CipherSuite$BulkCipher.newCipher(CipherSuite.java:369) at com.sun.net.ssl.internal.ssl.Handshaker.newReadCipher(Handshaker.java:410) at com.sun.net.ssl.internal.ssl.SSLEngineImpl.changeReadCiphers(SSLEngineImpl.java:550) ... 17 more Caused by: java.security.InvalidKeyException: No installed provider supports this key: (null) at javax.crypto.Cipher.a(DashoA13*..) at javax.crypto.Cipher.init(DashoA13*..) at javax.crypto.Cipher.init(DashoA13*..) at com.sun.net.ssl.internal.ssl.CipherBox.<init>(CipherBox.java:88) ... 21 more ]
source share