6

I'm currently looking into setting up a client/server application using Akka remote actors to communicate. As a part of that setup, I would like to enable the built-in SSL mode, which is supported through Netty.

However I'm not entirely sure on how to exactly set the parameters, even though I have tried a number of different combinations.

I have used http://doc.akka.io/docs/akka/2.2.0/java/remoting.html for reference on the different parameters.

Regarding creating keystore and truststore I have used the guide in this link: http://www.ibm.com/developerworks/library/j-customssl/sidebar.html

The relevant part of my configuration looks like this on the client:

remote {
  enabled-transports = ["akka.remote.netty.ssl"]
  netty.ssl {
    host = ""
    port = 0
    enable-ssl = true
  }
  netty.ssl.security {
    key-store = "ServiceTesterClientKeys"
    trust-store = "clientTrust"
    key-store-password = "XX"
    key-password = "XX"
    trust-store-password = "YY"
    protocol = "TLSv1"
    random-number-generator = "AES128CounterSecureRNG"
    enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
  }
}

and like this on the server:

remote {
  enabled-transports = ["akka.remote.netty.ssl"]
  netty.ssl {
    hostname = ""
    port = 2562
    enable-ssl = true
  }
  netty.ssl.security {
    key-store = "serverKeys"
    trust-store = "serverTrust"
    key-store-password = "YY"
    key-password = "YY"
    trust-store-password = "XX"
    protocol = "TLSv1"
    random-number-generator = "AES128CounterSecureRNG"
    enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
  }
}

Do I need to add the properties or can Akka find it as long as it's on the classpath?

-Djavax.net.ssl.keyStore=A
-Djavax.net.ssl.trustStore=B

At runtime I get a long stack, but in the beginning it says:

[MySystem-akka.actor.default-dispatcher-11] ERROR akka.remote.EndpointWriter - AssociationError [akka.ssl.tcp://MySystem@10.195.20.11:10693] -> [akka.ssl.tcp://MyServerSystem@localhost:2562]: Error [Association failed with [akka.ssl.tcp://MyServerSystem@localhost:2562]] [ akka.remote.EndpointAssociationException: Association failed with [akka.ssl.tcp://MyServerSystem@localhost:2562]

Caused by: akka.remote.transport.netty.NettyTransport$$anonfun$associate$1$$anon$2: Failed to initialize a pipeline.

Caused by: akka.remote.RemoteTransportException: Client SSL connection could not be established because SSL context could not be constructed.

Help would be very much appreciated. Regards Stefan

4

1 Answer

4

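Okay, I have looked further into the problem.

The problem was related to the random-number-generator = "AES128CounterSecureRNG" property. Instead, I have chosen to use the default implementation.

If I wanted to use this implementation, I guess I would need to add the provider.

For those who looked, thanks for your time.

answered 2013-08-21T08:18:54.370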
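An added example, not part of the original question or answer and not Akka's own code: a stand-alone Java check that builds a plain JSSE SSLContext from the key-store, trust-store, passwords, protocol and cipher suite named in the configuration above, using the JVM's default SecureRandom. If it succeeds, the stores and passwords are usable and the random-number-generator setting is the remaining suspect, as the answer found. The class name `SslSettingsCheck` and the argument order are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical diagnostic class: each step throws its own exception, so the failing
// setting is identified instead of a generic "SSL context could not be constructed".
public class SslSettingsCheck {

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) { // FileNotFoundException: bad path
            ks.load(in, password);                         // IOException: wrong store password
        }
        return ks;
    }

    static SSLContext build(String keyStore, char[] storePw, char[] keyPw,
                            String trustStore, char[] trustPw, String protocol) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, storePw), keyPw);          // UnrecoverableKeyException: wrong key password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPw));
        SSLContext ctx = SSLContext.getInstance(protocol); // NoSuchAlgorithmException: unknown protocol
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); // JVM default RNG
        return ctx;
    }

    // Passwords on the command line are visible in the process list; use test stores only.
    public static void main(String[] args) throws Exception {
        if (args.length != 7) {
            System.err.println("usage: SslSettingsCheck <key-store> <key-store-password> <key-password>"
                + " <trust-store> <trust-store-password> <protocol> <cipher-suite>");
            System.exit(2);
        }
        SSLContext ctx = build(args[0], args[1].toCharArray(), args[2].toCharArray(),
                               args[3], args[4].toCharArray(), args[5]);
        SSLEngine engine = ctx.createSSLEngine();
        boolean suiteOk = Arrays.asList(engine.getSupportedCipherSuites()).contains(args[6]);
        System.out.println("SSLContext built for " + ctx.getProtocol());
        System.out.println("cipher suite " + args[6] + (suiteOk ? " is" : " is NOT") + " supported by this JVM");
        if (!suiteOk) System.exit(1);
    }
}
```

Run it from the application's working directory so that relative store names such as `serverKeys` and `serverTrust` resolve the same way they do for the application.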