users@grizzly.java.net

Grizzly 2 and SSL

From: Gay David (Annecy) <"Gay>
Date: Fri, 9 Sep 2011 14:15:33 +0000

Hi all,

I'm using Grizzly 2.1.2 and I have a problem when turning on SSL. I get this exception:

2011-09-09 15:59:23,697 GMT+0200 - [Grizzly(1)] WARN (DefaultFilterChain.execute:177) - Exception during FilterChain execution
org.glassfish.grizzly.TransformationException: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:175)
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:66)
                at org.glassfish.grizzly.AbstractTransformer.transform(AbstractTransformer.java:73)
                at org.glassfish.grizzly.filterchain.AbstractCodecFilter.handleRead(AbstractCodecFilter.java:71)
                at org.glassfish.grizzly.ssl.SSLFilter.handleRead(SSLFilter.java:176)
                at org.glassfish.grizzly.filterchain.ExecutorResolver$9.execute(ExecutorResolver.java:119)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeFilter(DefaultFilterChain.java:286)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.executeChainPart(DefaultFilterChain.java:223)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.execute(DefaultFilterChain.java:155)
                at org.glassfish.grizzly.filterchain.DefaultFilterChain.process(DefaultFilterChain.java:134)
                at org.glassfish.grizzly.ProcessorExecutor.execute(ProcessorExecutor.java:78)
                at org.glassfish.grizzly.nio.transport.TCPNIOTransport.fireIOEvent(TCPNIOTransport.java:827)
                at org.glassfish.grizzly.strategies.AbstractIOStrategy.fireIOEvent(AbstractIOStrategy.java:103)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.run0(WorkerThreadIOStrategy.java:111)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy.access$100(WorkerThreadIOStrategy.java:55)
                at org.glassfish.grizzly.strategies.WorkerThreadIOStrategy$WorkerThreadRunnable.run(WorkerThreadIOStrategy.java:131)
                at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.doWork(AbstractThreadPool.java:508)
                at org.glassfish.grizzly.threadpool.AbstractThreadPool$Worker.run(AbstractThreadPool.java:488)
                at java.lang.Thread.run(Thread.java:662)
Caused by: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
                at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1429)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1397)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1563)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1023)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:837)
                at com.sun.net.ssl.internal.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:713)
                at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:607)
                at org.glassfish.grizzly.ssl.SSLDecoderTransformer.transformImpl(SSLDecoderTransformer.java:127)
                ... 18 more


And this is the code I use to init the SSL in Grizzly :

    // Algorithm name handed to SSLContext.getInstance() in createSSLConfiguration(). "TLS" only
    // selects the context implementation; the protocol versions actually offered are set
    // separately through setEnabledProtocols().
    private static final String SSLCTX_TLS = "TLS";
    // Keystore type name. Not referenced in the code shown here; presumably used by the elided
    // keystore-loading code — confirm.
    private static final String KSTYPE_PKCS12 = "PKCS12";

                /**
                 * Creates an HttpServer with a single NetworkListener and starts it.
                 * When useSsl is set, the listener is marked secure and receives the
                 * SSLEngineConfigurator built by createSSLConfiguration(conf).
                 * The values identifier, host, port and useSsl are defined in code elided
                 * from this excerpt.
                 *
                 * @param conf configuration object passed on to createSSLConfiguration()
                 * @throws Exception declared by the method; the failing calls are not shown here
                 */
                public void startServer( SomeConfigurationObject conf ) throws Exception
                {
                               ...
                               HttpServer server = new HttpServer();

                               NetworkListener nl = new NetworkListener( identifier, host, port );
                               if( useSsl )
                               {
                                               // Both calls are needed: setSecure() switches the listener to TLS,
                                               // setSSLEngineConfig() supplies the server-side engine settings.
                                               nl.setSecure( true );
                                               nl.setSSLEngineConfig( createSSLConfiguration(conf) );
                               }
                               nl.setRcmSupportEnabled( false );
                               // NOTE(review): HTTP compression is switched on for a listener that may also be
                               // TLS-secured. Compressed responses that mix secrets with request-influenced
                               // data are open to compression side channels (BREACH class); confirm this is
                               // acceptable for the handlers registered below.
                               nl.setCompression( "on" );
                               nl.setChunkingEnabled( true );
                               nl.setDisableUploadTimeout( true );
                               nl.getFileCache().setEnabled( false );
                               server.addListener( nl );

                               // Add the http handlers
                               ....

                               // Start
                               server.start();
                }


    /**
     * Builds the server-side SSLEngineConfigurator that startServer() attaches to the listener.
     * The key material is loaded by code elided from this excerpt; bais and ks are declared
     * here but only used in that elided part. The excerpt ends before the method's return
     * statement and closing brace.
     *
     * @param conf configuration object; supplies the enabled cipher suites
     * @throws IOException declared by the method; the throwing code is not shown here
     */
    private SSLEngineConfigurator createSSLConfiguration( SomeConfigurationObject conf ) throws IOException
    {
        ByteArrayInputStream bais;
        KeyStore ks;
        KeyManagerFactory kmFactory;
        SSLContext sslContext;
        SSLEngineConfigurator engineConf;

        engineConf = null;
        try
        {
            // Prepare a key manager using the provided keystore
            kmFactory = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );

                                               // .... some code to init the KeyManagerFactory

            // Initialize the SSL context with the certificate as the server identity
            sslContext = SSLContext.getInstance( SSLCTX_TLS );
            // Passing null for the trust managers and the SecureRandom makes JSSE fall back to
            // its default implementations for both.
            sslContext.init( kmFactory.getKeyManagers(), null, null );

            // Create the engine conf
            // The three booleans are clientMode, needClientAuth and wantClientAuth: server mode,
            // no client certificate requested.
            engineConf = new SSLEngineConfigurator( sslContext, false, false, false );
            // NOTE(review): SSLv3 is obsolete and must not be negotiated (RFC 7568), and TLSv1 is
            // deprecated (RFC 8996). Prefer the newest TLS versions the runtime supports. When
            // debugging a handshake that ends in a fatal alert, check that the client can
            // actually agree on one of the versions listed here.
            engineConf.setEnabledProtocols( new String[] { "TLSv1", "SSLv3" } );
            // Presumably marks the protocol list as final so it is applied as given — confirm
            // against SSLEngineConfigurator.
            engineConf.setProtocolConfigured( true );
            // NOTE(review): the suite list comes from configuration and is not visible here.
            // Verify that it excludes anonymous, NULL, EXPORT and RC4 suites and that it
            // overlaps with what the client offers.
            engineConf.setEnabledCipherSuites( conf.getEnabledCipherSuites() );
            // Presumably the cipher-suite counterpart of setProtocolConfigured() — confirm.
            engineConf.setCipherConfigured( true );
        }
                               catch( ... ) { .... }


Does anyone have a clue what could be wrong?

Thanks and regards
David