openhab / openhab-android

openHAB client for Android
https://play.google.com/store/apps/details?id=org.openhab.habdroid
Eclipse Public License 2.0

Unable to connect remotely, SSLException Error #133

Closed mikecay closed 8 years ago

mikecay commented 9 years ago

Hi,

I've seen this error reported in the iOS section. I have 1.6 installed and I have been using HABDroid successfully for quite some time, but just recently I have not been able to connect remotely and I am getting the following error in the openhab.log file.

2015-09-11 00:28:17.107 [WARN ] [org.eclipse.jetty.io.nio ] - java.io.IOException: Broken pipe

2015-09-11 00:28:26.920 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-09-11 00:28:56.747 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-09-11 00:29:21.188 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

2015-09-11 00:29:26.887 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

The only change I recall making prior to this error is a change to my sitemap, but I don't think this is the problem. HABDroid works fine when I connect locally and the web UI works fine locally also. If I try and connect remotely using the web UI, Chrome tells me I am trying to connect to an unsecure connection.

Any idea what may have happened?

Regards,

Mike

belovictor commented 9 years ago

I think it is a problem with SSL. Can you try setting ignore SSL in settings of the app?

mikecay commented 9 years ago

Hi, I just tried it and no luck. I am not at home right now so I can't tell you what the logs say but I will report back in a few hours.

Mike

mikecay commented 9 years ago

I just checked openhab.log and I get the same error repeated several times

2015-09-12 00:34:13.432 [WARN ] [org.eclipse.jetty.io.nio ] - javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

Mike

belovictor commented 8 years ago

This message means the client (in the app) didn't like the SSL handshake and closed the connection. Can you get a logcat from your Android device during this error?

mikecay commented 8 years ago

Hi,

Thank you for your response. I did try that but it did not work. I believe the problem is on the OpenHAB side, more specifically with the keystore. When I issue the following command:

openssl s_client -connect localhost:8443

I would expect something similar to the following output:

-----END CERTIFICATE-----
subject=/C=Unknown/ST=Unknown/L=Unknown/O=openHAB/OU=Unknown/CN=openhab.org
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=openHAB/OU=Unknown/CN=openhab.org
---
No client certificate CA names sent
---
SSL handshake has read 1614 bytes and written 296 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol : TLSv1
    Cipher : DHE-RSA-AES256-SHA
    Session-ID: 52B1FD317C19B5067235A4FDF277B0AF5FFDF7AA760A431CC53B8C0C2CC796A7
    Session-ID-ctx:
    Master-Key: 8EEAA5595C7E46BEAFABC4CAE2797A704FD79754BB2BDBF3159CC42427E497C5B58522D7ED166A1A256D1189148EB93E
    Key-Arg : None
    Start Time: 1387396401
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
---

but instead I get the following:

CONNECTED(00000003)
3070153936:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 323 bytes
---
New, (NONE) Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---

I have not investigated much beyond this but I assume I have to regenerate a self-signed certificate. The way I would normally do this in Linux does not appear to work here. Is there a procedure on how to create a certificate for the Keystore?

Thank you,

Mike
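A small triage helper for the two `openssl s_client` outputs compared in the comment above, added here as an example (it is not code from the openHAB project or from anyone in this thread). The function name and status labels are assumptions, and the sample inputs are trimmed copies of the quoted output.

```python
import re

# Constructed samples: the two s_client outputs quoted above, trimmed to
# the lines this parser reads.
FAILED = """\
CONNECTED(00000003)
3070153936:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
SSL handshake has read 0 bytes and written 323 bytes
---
New, (NONE) Cipher is (NONE)
"""
HEALTHY = """\
subject=/C=Unknown/ST=Unknown/L=Unknown/O=openHAB/OU=Unknown/CN=openhab.org
issuer=/C=Unknown/ST=Unknown/L=Unknown/O=openHAB/OU=Unknown/CN=openhab.org
---
SSL handshake has read 1614 bytes and written 296 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

def triage_s_client(text):
    """Classify `openssl s_client` output; returns (status, facts). Labels are hypothetical."""
    facts = {}
    m = re.search(r"SSL handshake has read (\d+) bytes and written (\d+) bytes", text)
    if m:
        facts["read"], facts["written"] = int(m.group(1)), int(m.group(2))
    m = re.search(r"Cipher is (\S+)", text)
    facts["cipher"] = m.group(1) if m else None
    m = re.search(r"Verify return code: (\d+) \(([^)]*)\)", text)
    if m:
        facts["verify"] = (int(m.group(1)), m.group(2))
    facts["peer_cert"] = ("no peer certificate available" not in text
                          and re.search(r"^subject=", text, re.M) is not None)
    # 0 bytes read: the client received no handshake bytes at all.
    if not facts["peer_cert"] and facts.get("read") == 0:
        return "server-sent-nothing", facts
    if not facts["peer_cert"] or facts["cipher"] in (None, "(NONE)"):
        return "handshake-failed", facts
    if facts.get("verify", (0, ""))[0] != 0:  # e.g. 18 = self signed certificate
        return "handshake-ok-cert-untrusted", facts
    return "handshake-ok", facts

if __name__ == "__main__":
    for name, sample in (("failed", FAILED), ("healthy", HEALTHY)):
        print(name, *triage_s_client(sample))
```

The failing output lands in `server-sent-nothing` because the client wrote its hello and read 0 bytes back, while the expected output completes the handshake and only fails certificate verification with code 18.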

mikecay commented 8 years ago

I saw that I had accidentally closed the issue. It is still an ongoing problem.

Mike

belovictor commented 8 years ago

@mikecay, unfortunately I have no idea how to do that. Maybe @kaikreuzer can answer. But anyway, it's not an Android app problem, so I'm closing this.