×

Discussion Board

Results 1 to 8 of 8
  1. #1
    Registered User
    Join Date
    Oct 2013
    Posts
    1

    [moved] https problem when connecting to https://m.vk.com

    I'm writing the application for Nokia Asha 501 that uses VKontakte API. There is a strange exception when connection to https://m.vk.com is opening (see below). It occurs both on device and on emulator. Default browser opens this page well. There are also no any problems when url is http://m.vk.com or https://www.google.ru.
    I spend a lot of time to find the solution out and without any results.
    I really don't know what I'm doing wrong. Please help.
    Code:
    try {
    	final String url = "https://m.vk.com";//"https://www.google.ru";
    	final HttpConnection connection = (HttpConnection) Connector.open(url);
    	System.out.println(connection.getResponseCode()); // <- Exception is thrown
    	final InputStream connStream = connection.openInputStream();
    	final byte[] buffer = new byte[1024];
    	final ByteArrayOutputStream dataStream = new ByteArrayOutputStream();
    	while (connStream.read(buffer) > 0) {
    		dataStream.write(buffer);
    	}
    	connection.close();
    	System.out.println(dataStream);
    } catch (IOException e) {
    	e.printStackTrace();
    }
    Code:
    [DISPLAY] Warning: setPureTouch is disabled!
    no localization file: locale/locale.res. Load localization manually.
    0
    Warning: Traffic View: Listing of TCP/UDP Sent traffic is set to off (see Monitor)
    Warning: Traffic View: Listing of TCP/UDP Received traffic is set to off (see Monitor)
    java.io.IOException: Alert (2,40)type:22
     - com.sun.midp.ssl.RecordReader.rdRec(), bci=224
     - com.sun.midp.ssl.Handshake.getNextMsg(), bci=10
     - com.sun.midp.ssl.Handshake.rcvSrvrHello(), bci=2
     - com.sun.midp.ssl.Handshake.doHandShake(), bci=25
     - com.sun.midp.ssl.SSLStreamConnection.<init>(), bci=163
     - com.sun.midp.io.j2me.https.Protocol.connect(), bci=245
     - com.sun.midp.io.j2me.http.Protocol.streamConnect(), bci=53
     - com.sun.midp.io.j2me.http.Protocol.startRequest(), bci=7
     - com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=33
     - com.sun.midp.io.j2me.http.Protocol.sendRequest(), bci=3
     - com.sun.midp.io.j2me.http.Protocol.getResponseCode(), bci=5
     - com.mycompany.vkontakte.Application.startApp(Application.java:41)
     - javax.microedition.midlet.MIDletTunnelImpl.callStartApp(), bci=1
     - com.sun.midp.midlet.MIDletPeer.startApp(), bci=4
     - com.sun.midp.midlet.MIDletStateHandler.startSuite(), bci=269
     - com.sun.midp.main.AbstractMIDletSuiteLoader.startSuite(), bci=38
     - com.sun.midp.main.CldcMIDletSuiteLoader.startSuite(), bci=5
     - com.sun.midp.main.AbstractMIDletSuiteLoader.runMIDletSuite(), bci=151
     - com.sun.midp.main.AppIsolateMIDletSuiteLoader.main(), bci=26
    Last edited by Marvel84; 2013-11-08 at 12:18.

  2. #2
    Nokia Developer Champion
    Join Date
    Mar 2013
    Posts
    682

    Re: https problem when connecting to https://m.vk.com

    I'de like to add that i have the same problem exactly for the 501 (the older Asha FT devices work fine) with Tumblr https urls

    I just didnt had time to check into it but indeed there is something wrong there with the https stack.

  3. #3
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: https problem when connecting to https://m.vk.com

    Quote Originally Posted by Marvel84 View Post
    Default browser opens this page well.
    The default browser is the Nokia Xpress web-browser. That browser connects to a server at Nokia and from there connects to your VK web-page. The HTTPs is done between that Nokia server and VK, not directly between the browser and VK. This is called a proxy browser. Your MIDlet does not use a proxy but connects directly to VK, as SSL/TLS client.
    Quote Originally Posted by Marvel84 View Post
    java.io.IOException: Alert (2,40)type:22
    Fatal (2), Handshake Failed (40)
    This is an error on the SSL/TLS layer. Because we need more information, I opened Wireshark, started the capture on my network interface, filtered on ssl || dns. Then I started my Test-MIDlet again in the Nokia Asha 501 emulator. There you see, VK (the remote TLS server) issued this fatal alert, directly after the message TLS Client Hello of the Nokia Asha 501 (TLS client):
    Code:
    TLSv1 Record Layer: Handshake Protocol: Client Hello
    	Content Type: Handshake (22)
    	Version: TLS 1.0 (0x0301)
    	Length: 49
    	Handshake Protocol: Client Hello
    		Handshake Type: Client Hello (1)
    		Length: 45
    		Version: TLS 1.0 (0x0301)
    		Random
    		Session ID Length: 0
    		Cipher Suites Length: 6
    		Cipher Suites (3 suites)
    			Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
    			Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
    			Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
    		Compression Methods Length: 1
    		Compression Methods (1 method)
    			Compression Method: null (0)
    Now, we start a Terminal (Linux, Mac OS X) or in Windows, we use the OpenSSL shell from stunnel. There, we try to replicate this TLS Client Hello message:
    Code:
    openssl s_client -connect m.vk.com:443 -cipher RC4-SHA
    This gives the same message. VK does not support RC4 as TLS cipher. Solution:
    1. write to the server administrator to include RC4-SHA1 as TLS cipher
    2. use your own SSL server and proxy the traffic, for example with stunnel
      In this case, you are able to read all the data of your customers, therefore, you should provide a privacy declaration.
    3. instead of using Nokia’s TLS client, implement your own with BouncyCastle’s Lightweight TLS Client API (see the client code of this example)
      That works here after patching the ThreadedSeedGenerator (change Thread.sleep to Thread.yield). However, I had to implement HTTP on top of that, as well. Furthermore, your MIDlet must be code-signed, because untrusted MIDlets cannot open port 443 on a socket.
    4. do not support the Nokia Asha Software Platform
      The same limitation is in the Nokia Asha 502 emulator (Asha Software Platform 1.1), because of the used Sun/Oracle KVM.
    Quote Originally Posted by shai.i View Post
    same problem […] with Tumblr https urls
    I am not able to reproduce this, yet. Which URL are you using?

    Do you get
    Code:
    javax.microedition.pki.CertificateException: Certificate was issued by an unrecognized entity
    Compared with the trust store of other mobile platforms like Apple iOS, the Asha Software Platform ships with very few certificate authorities (CA), for example StartCom/StartSSL is missing. Anyway, many server administrators supply wrong intermediates (missing or chaining up to a too new root) and there is a chance to fix that: Please, issue the above OpenSSL command and give us the ‘certificate chain’. I have a look whether it can be solved with the correct cross-signing intermediate certificate. Otherwise, you have to go the Bouncy Castle way as well.
    Last edited by traud; 2013-11-27 at 13:01.

  4. #4
    Nokia Developer Expert
    Join Date
    Aug 2011
    Posts
    555

    Re: [moved] https problem when connecting to https://m.vk.com

    Hi Marvel84,

    A short update. This issue has been reported internally and prioritized according to its severity. I will have an update within the next two weeks.

    Br,
    Stratos
    Last edited by skalogir; 2013-11-27 at 08:03.

  5. #5
    Registered User
    Join Date
    Mar 2003
    Posts
    4,105

    Re: [moved] https problem when connecting to https://m.vk.com

    Thanks Stratos. In the mean time, I updated my post above with more solutions.

  6. #6
    Nokia Developer Expert
    Join Date
    Aug 2011
    Posts
    555

    Re: [moved] https problem when connecting to https://m.vk.com

    Thanks traud for troubleshooting this.

    As an update I am afraid this will not be fixed on Nokia Asha software platform 1.1, but it will be considered in future releases. Note that this doesn't affect all https:// URLs, for example https://www.verisign.com will work just fine. There has been a lot written for the weaknesses of the RC4 cipher, so as a server side implementation it might not be the most optimal choice.

  7. #7
    Nokia Developer Champion
    Join Date
    Mar 2013
    Posts
    682

    Re: [moved] https problem when connecting to https://m.vk.com

    skalogir: Was this issue ever resolved? was there a fix for this released? if RC4 has so many weaknesses why is it being used on the Nokia device?
    traud: I was trying to use https://www.tumblr.com/login if you try to open it via code you will get infamous "Alert (2,40)type:22" exception.
    Heard of DVLUP? Join here

  8. #8
    Registered User
    Join Date
    Nov 2013
    Posts
    8

    Re: [moved] https problem when connecting to https://m.vk.com

    Guys, I am having exactly this problem.. I have installed a valid SSL certificate in my servers and I still get this "java.io.IOException: Alert (2,40)type:22" error message.. I am using asha platform 1.1... It is driving me crazy....

    So, what is the final solution for this??? If I enable this RC4-SHA1 as TLS cipher, will my problem be solved?

Similar Threads

  1. Midlet crashes on N95 while connecting to an Https server
    By ysoubigo in forum Mobile Java Networking & Messaging & Security
    Replies: 4
    Last Post: 2011-03-21, 14:53
  2. Series 40 6h ed SDK: Slow when connecting with HTTPS
    By pmuilu in forum Mobile Java Tools & SDKs
    Replies: 5
    Last Post: 2010-07-10, 19:33
  3. Https request problem whith PAMP. Is https/SSL supported?
    By yakimov in forum Mobile Web Server
    Replies: 0
    Last Post: 2010-01-24, 11:31
  4. [moved] HTTPS on Symbian 2nd edition
    By manupeco in forum Symbian Networking & Messaging (Closed)
    Replies: 0
    Last Post: 2009-11-27, 14:15
  5. J2ME Security : MIDP HTTPS vs Browser HTTPS
    By dhamodharan in forum Mobile Java Networking & Messaging & Security
    Replies: 1
    Last Post: 2005-09-11, 14:19

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×