Discussion Board

  1. #1
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    "no cipher suites in common" between J2ME client and J2SE server

    Hi guys,

    I've set up my server to accept SSL connections using the following code:
    Code:
    ServerSocket servSock = null;
    Socket clientSock = null;
    SSLServerSocketFactory ssocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    try {
      SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory.createServerSocket(5555);
      ssocket.setEnabledCipherSuites(ssocketFactory.getSupportedCipherSuites());
      running = true;
      while (running) {
        clientSock = ssocket.accept();
        ClientHandler ch = new ClientHandler(clientSock);
        ch.start();
      }
    } catch (IOException ex) {
      Logger.getLogger(main.class.getName()).log(Level.SEVERE, null, ex);
      running = false;
    }
    and my J2ME 3.0 SDK
    Code:
    sc = (SecureConnection)Connector.open("ssl://localhost:5555");
    On the server side I get the following exception,
    javax.net.ssl.SSLHandshakeException: no cipher suites in common
    and another unreadable exception on my MIDP.
    java.io.IOException: Alert (2,40) at com.sun.midp.ssl.Record.rdRec(), bci=231 at com.sun.midp.ssl.Handshake.getNextMsg(), bci=14)
    .

    I print out a list of the enabled cipher suites on the server and compare the allowed SSLv3 suites (as stated by MIDP Application Security 2: Understanding SSL and TLS) and "SSL_RSA_WITH_DES_CBC_SHA" matches on both.

    Now, what am I doing wrong here?

    Thanks,
    Vladimir

  2. #2
    Nokia Developer Champion
    Join Date
    Mar 2003
    Posts
    4,105
    Quote Originally Posted by jangozo View Post
    sc = (SecureConnection)Connector.open("ssl://localhost:5555");
    Several J2ME runtimes (for example the Sun emulator and Series 40 emulator and phones) are very strict when it comes to secure connections and do not show a warning if the domain name mismatches or the certificate authority is unknown. If you face such a problem, you get the wildest exceptions within Java.

    First of all, I do not recommend type casting to the most specialised (SecureConnection) but to the most general (SocketConnection) interface unless you really, really need the method getSecurityInfo. Anyway, that is just a matter of coding style.

    Using localhost as domain requires the use of a self-signed certificate authority which must be known to your Java runtime. No well-known authority will certify that. Furthermore, localhost must be present as domain name in the certificate of your server. I do not think this is a good strategy for testing. Therefore, please, go through this …

  3. #3
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    Re: "no cipher suites in common" between J2ME client and J2SE server

    Thank you for the reply. I have read through the link but little seemed to be relevant to my case.

    I think my problem is far simpler than this. I only need to get it working on an emulator. I have WTK, J2ME SDK and LG SDK. I managed to export a certificate I made on my computer onto the J2ME SDK and WTK emulators but now I get "The signature of the content provider certificate is invalid."

    What changes do I have to make?

    Any help is appreciated, I've been working on this for the past 8 hours.

    Does my server setup look OK at least?

    Thanks,
    Vladimir

  4. #4
    Nokia Developer Champion
    Join Date
    Mar 2003
    Posts
    4,105
    You have to import a certificate authority (CA) then. By the way, if that other post does not make sense to you at all (it answers all your questions), you should go out and buy a VeriSign certificate immediately – otherwise you waste even more time.

  5. #5
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    Re: "no cipher suites in common" between J2ME client and J2SE server

    I'm sorry for being such a newbie, it's basics for u guys but I still can't seem to get the hang of it.

    Is this what I need to do on the emulator side? This certificate is one which is imported into my Netbeans keystore manager too.

    I'm also using stunnel, which listens for SSL connection on port 5555 (the one my midlet connects on), handles all SSL tasks and forwards connections to port 6666, where the server listens for normal connections.

    I've also tried with the initial server setup from my first post on the topic. Doesn't the server have to know the certificate to work with or does it get it from the Netbeans Keystores?

    On running the Midlet I get the following:
    *** Error ***
    A problem occurred during deploying application from http://127.0.0.1:51970/SecureIM_MIDP.jad
    Reason:
    The signature of the content provider certificate is invalid.

    Thanks,
    Vladimir

  6. #6
    Nokia Developer Champion
    Join Date
    Mar 2003
    Posts
    4,105
    Quote Originally Posted by jangozo View Post
    I'm sorry for being such a newbie, it's basics for u guys but I still can't seem to get the hang of it.
    No, do not get me wrong. The trick is not to bother with SecureConnection, yet. Just develop and test your MIDlet with SocketConnection and do not connect to a secured port. Beside that development and testing, go out for a (fully paid) certificate of a well-known certificate authority (I recommend VeriSign). When your certificate arrives, you are at the stage of final one-device testing. You change your URL from socket to ssl, install the certificate in your server and run the whole code from within your device.

    Currently, you try to do something very complex which you do not need anytime later again. First of all, your certificate authority certificate must be known to your emulator and devices. For a well-known certificate authority you do not have to install that certificate. Secondly, to trust localhost or an IP address, you have to know about FQDN, common name and alternative subject-name (1, 2). All this is a bit complex and is hard to describe. The first issue should be discussed in a support forum of your emulator and/or device. Although I went that way already, the second issue is general SSL/TLS stuff and should be asked elsewhere.

    If this project is academic and you cannot afford a certificate, then contact your supervisor and discuss this. From my point of view, something like that is just a bonus and does not show or help to judge what you have learned.

    If you have other reasons for going this terribly complicated path with your own certificate authority, just say so and we go through every step together. First secure your server correctly, then install its authority certificate into your (emulated) devices, then do the debugging.
    Quote Originally Posted by jangozo View Post
    Doesn't the server have to know the certificate to work with or does it get it from the Netbeans Keystores?
    I recommend asking this specific question somewhere else. Nevertheless, with
    Code:
    openssl s_client -crlf -connect localhost:5555
    you are able to test that yourself. Adding the -CAfile parameter, OpenSSL even tells you whether everything is correct. By the way, you should use another port number.
    Quote Originally Posted by jangozo View Post
    A problem occurred during deploying application from http://127.0.0.1:51970/SecureIM_MIDP.jad
    Reason:
    The signature of the content provider certificate is invalid.
    Not sure where you got that report from, however, it sounds like you have signed the MIDlet: MIDlet-Jar-RSA-SHA1 is present in the JAD. This code signing is a completely different area than securing an Internet connection. I do not think this helps at all in your case.
    Last edited by traud; 2010-01-29 at 12:46.

  7. #7
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    Re: "no cipher suites in common" between J2ME client and J2SE server

    I finally figured it out, it turned out there was a problem on both sides. The server wasn't reading the keystore and I shouldn't have been signing it at all but still import the certificate. Now I'm able to establish the connection and get information on it, such as the suite used, protocol, certificate info etc.

    Thanks for the guidance traud
    Last edited by jangozo; 2010-01-31 at 17:54.

  8. #8
    Registered User
    Join Date
    Oct 2009
    Posts
    2

    Re: "no cipher suites in common" between J2ME client and J2SE server

    Can you post your code please?

  9. #9
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    Re: "no cipher suites in common" between J2ME client and J2SE server

    Server:
    Code:
    SSLServerSocketFactory ssocketFactory = (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
    try {
        SSLServerSocket ssocket = (SSLServerSocket) ssocketFactory.createServerSocket(PORT);
        running = true;
        while (running) {
            clientSock = ssocket.accept();
            // Create my client object and start() it.
        }
    } catch (IOException ex) {
        Logger.getLogger(main.class.getName()).log(Level.SEVERE, null, ex);
        running = false;
    }
    Client:
    Code:
    sc = (SecureConnection) Connector.open("ssl://localhost:5555");
    SecurityInfo info = sc.getSecurityInfo();
    System.out.println("Suite " + info.getCipherSuite() + "\nCertificate: " + info.getServerCertificate() + "\nProtocol " + info.getProtocolName());
    DataInputStream reader = sc.openDataInputStream();
    writer = sc.openDataOutputStream();
    // create my listener class
    System.out.println("Connection established on MIDP");
    It's basically your standard setup for connecting but it's the certificates that matter.

    Make sure you tell your server to use the keystore where you have imported the certificate with the following command flags:
    -Djavax.net.ssl.keyStore=SecIM_keystore.jks -Djavax.net.ssl.keyStorePassword=yourPass

    You should also use the mekeytool.exe in your J2ME SDK to import the certificate into the emulator. If you're using J2ME SDK 3 then you may be better off using the GUI.

    REMEMBER: FILL IN ALL FIELDS ON YOUR CERTIFICATE WHEN YOU CREATE IT
    (that's if you create your own)

    Vladimir
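
Added example (not code from the thread) of a startup check for the server-side fix described in post #9: it loads the keystore explicitly rather than through the -Djavax.net.ssl.keyStore flags, refuses to start when the file holds no private-key entry, and enables only cipher suites that authenticate the server and encrypt the traffic. The class name, the three command-line arguments and the assumption that the key and the keystore share one password are illustrative.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLServerSocket;

public class KeystoreCheckedServer {   // hypothetical class name
    // Drop anonymous (unauthenticated) and NULL (unencrypted) suites.
    static String[] authenticatedSuites(String[] suites) {
        List<String> keep = new ArrayList<String>();
        for (String s : suites) {
            if (!s.contains("_anon_") && !s.contains("_NULL_")) keep.add(s);
        }
        return keep.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore.jks> <password> <port>
        String path = args[0];
        char[] pass = args[1].toCharArray();
        int port = Integer.parseInt(args[2]);

        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);   // throws if the file is missing or the password is wrong
        }
        // A keystore that holds only trusted certificates gives the server
        // nothing to present during the handshake, so fail before listening.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) hasKey = true;
        }
        if (!hasKey) throw new IllegalStateException("no private-key entry in " + path);

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);   // assumption: key password equals keystore password
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null);

        SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port);
        ss.setEnabledCipherSuites(authenticatedSuites(ss.getEnabledCipherSuites()));
        for (String s : ss.getEnabledCipherSuites()) System.out.println("enabled: " + s);
        ss.close();   // a real server would enter its accept() loop here instead
    }
}
```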

  10. #10
    Registered User
    Join Date
    Oct 2009
    Posts
    2

    Re: "no cipher suites in common" between J2ME client and J2SE server

    Thank you for your answer, but how can I add my certificate to my MIDlet application??


  11. #11
    Registered User
    Join Date
    Dec 2009
    Posts
    7

    Re: "no cipher suites in common" between J2ME client and J2SE server

    Quote Originally Posted by BigPepe View Post
    Thank you for your answer, but how can I add my certificate to my MIDlet application??
    The device onto which you run your application has a bunch of certificates available. This device could be a phone or an emulator. It is not possible (AFAIK) to include the certificate as part of the MIDlet app, it must be imported into a secure place on the device. Otherwise all kinds of applications would play around with your certificates. Maybe OTA installation may ask to accept a certificate and then use it as the Midlet app, but you'll have to research that yourself.

    If you want to run it on an emulator follow the instructions I've given. If you want to run it on a real device then I think there are other threads that help u with that.
