Skip to main content

Hello everybody!

I'm trying to test the TLS encryption between a Java test client (a driver) and an Orbix server.
The Java test client runs from Linux using JDK 1.8 and the iiop_tls Orbix library from Orbix 6.3.9.
I've used a minimal configuration file. Here is the iiop_tls config:

(...)
plugins:iiop_tls:ClassName = "com.iona.corba.iiop.tls.IIOPTLSPlugIn";
plugins:iiop_tls:shlib_name = "it_iiop_tls";
policies:iiop_tls:mechanism_policy:protocol_version = "TLS_V1_2";
policies:iiop_tls:mechanism_policy:ciphersuites = [...];
policies:iiop_tls:certificate_constraints_policy = [...];
policies:iiop_tls:client_secure_invocation_policy:requires = ["Confidentiality", "EstablishTrustInTarget"];
policies:iiop_tls:client_secure_invocation_policy:supports = ["Confidentiality", "EstablishTrustInTarget", "DetectMisordering", "DetectReplay", "Integrity"];
policies:iiop_tls:max_chain_length_policy = "3";

binding:server_binding_list =  ["GIOP IIOP_TLS"];
binding:client_binding_list =  ["GIOP IIOP_TLS"];
orb_plugins = ["iiop_tls", ...];
(...)

I'm also using atli2_tls, tls, x509 and corba_security plugins, as it was required.
I'm getting the following exception during an lookup operation:

Exception in thread "main" java.lang.NoSuchFieldError: TLS_V1_1
        at com.iona.corba.atli2.tls.JSSEMethodsImpl.<clinit>(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at com.iona.corba.atli2.tls.TLSPoolImpl.<init>(Unknown Source)
        at com.iona.corba.atli2.tls.TLSTransportImpl.create_pool(Unknown Source)
        at com.iona.corba.iiop.tls.IIOPTLSPerORBState.create_pool_adapter(Unknown Source)
        at com.iona.corba.atli_protocol.ip.PerORBState.retrieve_pool_adapter(Unknown Source)
        at com.iona.corba.iiop.tls.IIOPTLSClientInterceptorFactoryImpl.validate_policies(Unknown Source)
        at com.iona.corba.art.binding.ClientBindery.validate(Unknown Source)
        at com.iona.corba.art.binding.ClientBindery.try_ior(Unknown Source)
        at com.iona.corba.art.binding.ProxyBinding.get_binding(Unknown Source)
        at com.iona.corba.art.binding.ClientInvocationImpl.boot(Unknown Source)
        at com.iona.corba.art.binding.BindingManagerImpl.start_client_invocation(Unknown Source)
        at com.iona.corba.art.binding.IORProxy.request(Unknown Source)
        at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449)
        at org.omg.CosNaming._NamingContextStub.resolve(_NamingContextStub.java:242)
(...)

The Logger also informs me that "Limited strength policy files are installed in this JVM (...)".

I suppose it might be a compatibility issue between libraries or a bug, as I've specified clearly in the config that the
TLS V1.2 should be used, and the JSSEMethodsImpl try to access the not existing / private field TLS_V1_1,
which is not available / should not be available.

Did someone have a similar problem?

Thank you very much!

Kind regards,

Cristian Dragnea


#TLS
#CORBA
#Orbix6.3.9
#TLS_V1_2
#Orbix
#NoSuchFieldError

Hello everybody!

I'm trying to test the TLS encryption between a Java test client (a driver) and an Orbix server.
The Java test client runs from Linux using JDK 1.8 and the iiop_tls Orbix library from Orbix 6.3.9.
I've used a minimal configuration file. Here is the iiop_tls config:

(...)
plugins:iiop_tls:ClassName = "com.iona.corba.iiop.tls.IIOPTLSPlugIn";
plugins:iiop_tls:shlib_name = "it_iiop_tls";
policies:iiop_tls:mechanism_policy:protocol_version = "TLS_V1_2";
policies:iiop_tls:mechanism_policy:ciphersuites = [...];
policies:iiop_tls:certificate_constraints_policy = [...];
policies:iiop_tls:client_secure_invocation_policy:requires = ["Confidentiality", "EstablishTrustInTarget"];
policies:iiop_tls:client_secure_invocation_policy:supports = ["Confidentiality", "EstablishTrustInTarget", "DetectMisordering", "DetectReplay", "Integrity"];
policies:iiop_tls:max_chain_length_policy = "3";

binding:server_binding_list =  ["GIOP IIOP_TLS"];
binding:client_binding_list =  ["GIOP IIOP_TLS"];
orb_plugins = ["iiop_tls", ...];
(...)

I'm also using atli2_tls, tls, x509 and corba_security plugins, as it was required.
I'm getting the following exception during an lookup operation:

Exception in thread "main" java.lang.NoSuchFieldError: TLS_V1_1
        at com.iona.corba.atli2.tls.JSSEMethodsImpl.<clinit>(Unknown Source)
        at java.lang.Class.forName0(Native Method)
        at java.lang.Class.forName(Class.java:264)
        at com.iona.corba.atli2.tls.TLSPoolImpl.<init>(Unknown Source)
        at com.iona.corba.atli2.tls.TLSTransportImpl.create_pool(Unknown Source)
        at com.iona.corba.iiop.tls.IIOPTLSPerORBState.create_pool_adapter(Unknown Source)
        at com.iona.corba.atli_protocol.ip.PerORBState.retrieve_pool_adapter(Unknown Source)
        at com.iona.corba.iiop.tls.IIOPTLSClientInterceptorFactoryImpl.validate_policies(Unknown Source)
        at com.iona.corba.art.binding.ClientBindery.validate(Unknown Source)
        at com.iona.corba.art.binding.ClientBindery.try_ior(Unknown Source)
        at com.iona.corba.art.binding.ProxyBinding.get_binding(Unknown Source)
        at com.iona.corba.art.binding.ClientInvocationImpl.boot(Unknown Source)
        at com.iona.corba.art.binding.BindingManagerImpl.start_client_invocation(Unknown Source)
        at com.iona.corba.art.binding.IORProxy.request(Unknown Source)
        at org.omg.CORBA.portable.ObjectImpl._request(ObjectImpl.java:449)
        at org.omg.CosNaming._NamingContextStub.resolve(_NamingContextStub.java:242)
(...)

The Logger also informs me that "Limited strength policy files are installed in this JVM (...)".

I suppose it might be a compatibility issue between libraries or a bug, as I've specified clearly in the config that the
TLS V1.2 should be used, and the JSSEMethodsImpl try to access the not existing / private field TLS_V1_1,
which is not available / should not be available.

Did someone have a similar problem?

Thank you very much!

Kind regards,

Cristian Dragnea


#TLS
#CORBA
#Orbix6.3.9
#TLS_V1_2
#Orbix
#NoSuchFieldError
Hi Cristian,

It appears that you need all of the Orbix 6.3.9 jars below for a client to run successfully. You can confirm the list of jars needed by running the secure_bank demo with "verbose:class" java option to get the list of dependency jars.

lib/platform/java_secure_transports/1.3/tls.jar
lib/art/art/1.3/art.jar
lib/common/concurrency/1.3/concurrency.jar
lib/common/ifc/1.3/ifc.jar
lib/common/management/1.3/management.jar
lib/art/omg/1.3/omg.jar
lib/platform/java_transports/1.3/iiop.jar
lib/platform/java_transports/1.3/codeset.jar
lib/art/atli2/1.3/atli2.jar
lib/art/atli2_ip_cio/1.3/atli2_ip_cio.jar
lib/art/atli2_ip/1.3/atli2_ip.jar
lib/art/atli2_ip_nio/1.3/atli2_ip_nio.jar
lib/art/atli2_tls/1.3/atli2_tls.jar

Hope this helps.

Regards,
Karthi.
Terms & ConditionsAccessibility statement