IceSSL without certificates in Java

I'm trying to create a client and server, Java on both sides, using IceSSL but without the need for certificates. I've set IceSSL.VerifyPeer to 0 on both sides, with no other IceSSL configuration, but I still get a handshake security error when the connection is made. What am I missing?

Comments

  • mes
    mes California
    Hi Tim,

    If you enable connection tracing in the server (Ice.Warn.Connections=1), you'll probably see a message like this:
    Caused by javax.net.ssl.SSLHandshakeException: no cipher suites in common
    
    As this message implies, the cipher suites that Java enables by default require the use of certificates. If you want to avoid using certificates, you'll need to configure a cipher suite that does not require a certificate, such as Anonymous Diffie-Hellman. Here's an example configuration that works correctly:
    IceSSL.VerifyPeer=0
    IceSSL.Ciphers=(.*DH_anon.*)
    
    You can set IceSSL.Trace.Security=1 to see a detailed list of the enabled cipher suites during connection establishment. Refer to section 42.4.5 in the manual for more information on configuring cipher suites.

    Regards,
    Mark
  • Perfect, that works like a charm. Thanks!
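
An added example, not part of the original posts and not IceSSL code: a small Java check that applies the thread's `.*DH_anon.*` pattern to the cipher suites the local JVM enables by default and to those it supports at all, which is the pool the IceSSL.Ciphers setting selects from. The class name `AnonSuiteAudit` is hypothetical; only standard JSSE and `java.security` calls are used, and no Ice library is required.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.List;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class AnonSuiteAudit {
    // Same regular expression as the IceSSL.Ciphers value quoted in the thread.
    static final Pattern ANON = Pattern.compile(".*DH_anon.*");

    // Return the suite names that the pattern matches, sorted for stable output.
    static List<String> matching(String[] suites) {
        return Arrays.stream(suites)
                .filter(s -> ANON.matcher(s).matches())
                .sorted()
                .collect(Collectors.toList());
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();     // on by default
        SSLParameters supported = ctx.getSupportedSSLParameters(); // can be turned on

        List<String> anonEnabled = matching(enabled.getCipherSuites());
        List<String> anonSupported = matching(supported.getCipherSuites());

        System.out.println("Enabled by default:   " + enabled.getCipherSuites().length
                + " suites, " + anonEnabled.size() + " match DH_anon");
        System.out.println("Supported by the JVM: " + supported.getCipherSuites().length
                + " suites, " + anonSupported.size() + " match DH_anon");
        anonSupported.forEach(s -> System.out.println("  " + s));

        // JVM-wide policy that can remove suites regardless of application settings.
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));

        if (anonSupported.isEmpty()) {
            System.out.println("The pattern selects no suite on this JVM.");
        } else if (anonEnabled.isEmpty()) {
            // Anonymous key exchange encrypts the channel but authenticates neither peer.
            System.out.println("DH_anon suites are available only when enabled explicitly.");
        }
    }
}
```

Run it with the same JVM and security properties that host the Ice client and server, since the result depends on that JVM's configuration.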