Force SSL redirection to target service host for all protocols

siva.pannier nginx-forum at forum.nginx.org
Tue Jul 14 13:55:04 UTC 2020


Extremely sorry, I mentioned the wrong port in that post. Actually, I am
using the correct port number.

Client (Windows + non SSL):8091  ==> Nginx host (ubuntu vm+ SSL redirection)
==> TCP server (Windows + SSL enabled)

TCP server listening on 8091
Nginx Server listening on 8091
Client makes call to Nginx on 8091

I modified my server code for additional debugging as below

#################
    ServerSocketFactory ssf = SSLServerSocketFactory.getDefault();
    int port = 8091;
    ServerSocket ss = ssf.createServerSocket(port);

    while (true) {

      try {
          Socket sock = ss.accept();
          System.out.println("Timeout set is " + sock.getSoTimeout());
          System.out.println("New client connected");

          PrintWriter pw = new PrintWriter(sock.getOutputStream());
          pw.println(new Date().toString() + " from port: "+port);
          System.out.println("Data ready to sent to client");
          pw.flush();
          //pw.close();
          System.out.println("Data sent to client");
          
          System.out.println("Ready to read client data");
          BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream()));
          String data = br.readLine();
          System.out.println("Data received from Client: "+ data);
          //br.close();
          
          sock.close();
          System.out.println("Socket closed");
########################

Output from the server when the client initiated the connection is:
#####################
Timeout set is 0
New client connected
Data ready to sent to client
Data sent to client
Ready to read client data
I/O error: Connection has been shutdown:
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Exception in thread "main" javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.SSLSocketImpl.checkEOF(Unknown Source)
	at sun.security.ssl.AppInputStream.read(Unknown Source)
	at sun.nio.cs.StreamDecoder.readBytes(Unknown Source)
	at sun.nio.cs.StreamDecoder.implRead(Unknown Source)
	at sun.nio.cs.StreamDecoder.read(Unknown Source)
	at java.io.InputStreamReader.read(Unknown Source)
	at java.io.BufferedReader.fill(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at java.io.BufferedReader.readLine(Unknown Source)
	at com.att.tcp.server.TCPSServer.main(TCPSServer.java:37)
Caused by: javax.net.ssl.SSLHandshakeException: no cipher suites in common
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
	at sun.security.ssl.ServerHandshaker.chooseCipherSuite(Unknown Source)
	at sun.security.ssl.ServerHandshaker.clientHello(Unknown Source)
	at sun.security.ssl.ServerHandshaker.processMessage(Unknown Source)
	at sun.security.ssl.Handshaker.processLoop(Unknown Source)
	at sun.security.ssl.Handshaker.process_record(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at sun.security.ssl.AppOutputStream.write(Unknown Source)
	at sun.nio.cs.StreamEncoder.writeBytes(Unknown Source)
	at sun.nio.cs.StreamEncoder.implFlushBuffer(Unknown Source)
	at sun.nio.cs.StreamEncoder.implFlush(Unknown Source)
	at sun.nio.cs.StreamEncoder.flush(Unknown Source)
	at java.io.OutputStreamWriter.flush(Unknown Source)
	at java.io.BufferedWriter.flush(Unknown Source)
	at java.io.PrintWriter.flush(Unknown Source)
	at com.att.tcp.server.TCPSServer.main(TCPSServer.java:31)

The error was thrown on the line "pw.flush();" in the above code

####################################


Output from the client is
#####################

I/O error: Connection reset
Exception in thread "main" java.net.SocketException: Connection reset
	at java.net.SocketInputStream.read(Unknown Source)
	at java.net.SocketInputStream.read(Unknown Source)
	at sun.security.ssl.InputRecord.readFully(Unknown Source)
	at sun.security.ssl.InputRecord.read(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
	at com.att.client.tcp.TimeClient.main(TimeClient.java:34)

Error is thrown on the client code " socket.startHandshake(); "
##########################

> When my client is "nc", and my server is "openssl s_server -port 12345",
> things seem to work for me. Anything I write on one end is shown on the
> other, with nginx handling the ssl/no-ssl translation.

Are you able to run a similar configuration?

Maybe I have done something wrong in the SSL settings or in the self-signed
certificate. Let me start things from scratch again.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,288541,288696#msg-288696
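
An added example, not part of the original post: a common cause of `no cipher suites in common` on a server built with `SSLServerSocketFactory.getDefault()` is that the JVM was given no key store (for example through `javax.net.ssl.keyStore`); that cause is an assumption here and is not confirmed for this thread. The Java below loads key material explicitly, refuses to start without a key entry, and calls `startHandshake()` so a handshake failure is reported at the handshake and not at the first write. The class name, the file `server.p12` and the password `changeit` are placeholders.

```java
import java.io.*;
import java.security.KeyStore;
import java.util.*;
import javax.net.ssl.*;

// Added example. Key store path and password are placeholders, e.g. created with:
//   keytool -genkeypair -alias server -keyalg RSA -storetype PKCS12 \
//           -keystore server.p12 -storepass changeit -dname "CN=backend.example"
public class ExplicitKeystoreServer {
    public static void main(String[] args) throws Exception {
        String path = args.length > 0 ? args[0] : "server.p12";
        char[] pass = (args.length > 1 ? args[1] : "changeit").toCharArray();

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass);
        }
        // Fail at startup, not at the first handshake, if the store holds no key.
        boolean hasKey = false;
        for (String alias : Collections.list(ks.aliases())) {
            hasKey |= ks.isKeyEntry(alias);
        }
        if (!hasKey) {
            throw new IllegalStateException(path + " contains no key entry");
        }

        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and RNG

        try (SSLServerSocket ss = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(8091)) {
            while (true) {
                try (SSLSocket sock = (SSLSocket) ss.accept()) {
                    sock.startHandshake(); // handshake errors surface here, not at flush()
                    System.out.println("Negotiated " + sock.getSession().getProtocol()
                            + " / " + sock.getSession().getCipherSuite());
                    PrintWriter pw = new PrintWriter(sock.getOutputStream());
                    pw.println(new Date() + " from port: 8091");
                    pw.flush();
                } catch (IOException e) {
                    System.err.println("Connection failed: " + e); // keep serving other clients
                }
            }
        }
    }
}
```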


