This discussion is archived
1 2 3 Previous Next 31 Replies Latest reply: Jun 2, 2013 7:50 AM by Murray9654 Go to original post RSS
  • 15. Re: socket.getOutputStream getting blocked for significant amount of time?
    EJP Guru
    Currently Being Moderated
    Always create the ObjectOutputStream first, before the ObjectInputStream.

    NB crossposted to StackOverflow.
  • 16. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    I have tried changing the order but the same thing happens. On the server Socket.getOutputStream gets blocked. After it is released everything is fine.
  • 17. Re: socket.getOutputStream getting blocked for significant amount of time?
    EJP Guru
    Currently Being Moderated
    I suggest you get rid of the anonymous cipher suite and try again.
  • 18. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    Now I have changed my code as follows:-

    Client(destop) code:-
    SSLSocket socket= (SSLSocket)sslsf.createSocket(ip,Constants.CHAT_SERVER_PORT);
                   final String[] enabledCipherSuites = socket.getSupportedCipherSuites();
                   socket.setEnabledCipherSuites(enabledCipherSuites);                    
                   socket.startHandshake();               
                   InputStream in=socket.getInputStream();                    
                   OutputStream out=socket.getOutputStream();               
                   ObjectOutputStream oos=new ObjectOutputStream(out);     
                   oos.flush();               
                   ObjectInputStream ois=new ObjectInputStream(in);
    Server (Android) code:-
    SSLServerSocket ss=(SSLServerSocket)sslssf.createServerSocket(Constants.CHAT_SERVER_PORT);
                   final String[] enabledCipherSuites = ss.getSupportedCipherSuites();
                   ss.setEnabledCipherSuites(enabledCipherSuites);               
                   while(true){                    
                        Socket s=ss.accept();               
                        OutputStream out=s.getOutputStream();                    
                        ObjectOutputStream oos=new ObjectOutputStream(out);
                        oos.flush();
                            }
    But the problem is the same.

    Do I have to create truststore and keystore? Do I have to use them? are they mandatory?

    Edited by: Muralidhar on May 12, 2013 6:31 PM
  • 19. Re: socket.getOutputStream getting blocked for significant amount of time?
    baftos Expert
    Currently Being Moderated
    The SSL negotiation requires generation of a cryptographically strong random number. This generation may be slow and vary from machine to machine.
    Google for "SecureRandom speed". Experiment with SecureRandom on the two client machines. Just a guess!

    Edit: You may also want to check if it is always the same client or always the first client that has the delay. Maybe Android's first random generation is slow on your specific device.
    You may also want to try another device.

    Edited by: baftos on May 12, 2013 9:49 AM
  • 20. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    I have googled some examples on using SSL. Most of the examples uses the following opions with java command.
    java -Djavax.net.ssl.keyStore=mySrvKeystore -Djavax.net.ssl.keyStorePassword=123456 
    but i am not using them. I am starting the server and and client just using java command. I am also not using keystore and truststore? Is there any problem with this? I also have googled "SecureRandom speed" and have read some info on it. Programatically I am not generating this anywhere in the code. It might be happening automatically when we use SSL socket. So how does this help me?
  • 21. Re: socket.getOutputStream getting blocked for significant amount of time?
    baftos Expert
    Currently Being Moderated
    Programatically I am not generating this anywhere in the code. It might be happening automatically when we use SSL socket. So how does this help me?
    It may help or it may not. It may be that one of your 3 devices has a slow/faulty random number generator (most of the time hardware is involved). And yes, it would be used under the hood by JSSE.
    Performing the SecureRandom experiment would definitely show me right or wrong. But if I am right, I can propose a workaround. Or if the faulty 'device' is the Android simulator, I would not bother.
  • 22. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    I have used the following code on android device where the problem exist
                                    SecureRandom myue=null;
                        try{
                             myue=SecureRandom.getInstance("SHA1PRNG");
                        }catch(Exception e){
                             System.out.println(e);
                        }
                        myue.setSeed(myue.generateSeed(14578));
                        System.out.println(myue.nextInt());
    It have not taken any time to generate the number.

    Edited by: Muralidhar on May 12, 2013 9:57 PM
  • 23. Re: socket.getOutputStream getting blocked for significant amount of time?
    baftos Expert
    Currently Being Moderated
    I refreshed my SSL handshake knowledge from here http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp?topic=%2Fcom.ibm.mq.csqzas.doc%2Fsy10660_.htm and it states that only the client generates the random number (step 4). Try your clients as well.
  • 24. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    I have tried on the client(desktop) as well. It did not took any time.
  • 25. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    We have hired people to resolve this. None were able to identify what the problem is. Something strange.
  • 26. Re: socket.getOutputStream getting blocked for significant amount of time?
    EJP Guru
    Currently Being Moderated
    Muralidhar wrote:
    I wrote:
    I suggest you get rid of the anonymous cipher suite and try again.
    Now I have changed my code as follows:-

    Client(destop) code:-
    SSLSocket socket= (SSLSocket)sslsf.createSocket(ip,Constants.CHAT_SERVER_PORT);
                   final String[] enabledCipherSuites = socket.getSupportedCipherSuites();
                   socket.setEnabledCipherSuites(enabledCipherSuites);                    
    That doesn't constitute 'getting rid of the anonymous cipher suites' at all. Remove* the last two lines of code.

    And try again.

    I don't know why you're posting here if you're not going to take the advice offered.
  • 27. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    EJP wrote:
    That doesn't constitute 'getting rid of the anonymous cipher suites' at all. Remove* the last two lines of code.

    And try again.

    I don't know why you're posting here if you're not going to take the advice offered.
    Hi please don't come to conclusions so fast. I am facing this often and also requesting often not to draw fast conclusions. Yes i have removed anonymous cipher suite and tried all the suggestions given here. The following is the code on android without anonymous suite
    try{                    
                        String keyStoreType = KeyStore.getDefaultType();
                        KeyStore keyStore = KeyStore.getInstance(keyStoreType);
                        keyStore.load(Dummy.class.getResourceAsStream("IPMessengerServerKeystore"), "dhar9654".toCharArray());                    
                        
                        String keyalg=KeyManagerFactory.getDefaultAlgorithm();
                        kmf=KeyManagerFactory.getInstance(keyalg);
                        kmf.init(keyStore, "dhar9654".toCharArray());
                        
                   }catch(Exception e){
                        e.printStackTrace();
                   }
                            SSLContext context = SSLContext.getInstance("TLS");
                   context.init(MainActivity.kmf.getKeyManagers(), null, null);               
                   SSLServerSocket ss=(SSLServerSocket)context.getServerSocketFactory().createServerSocket(Constants.CHAT_SERVER_PORT);
                            while(true){                    
                        Socket s=ss.accept();                         
                        OutputStream out=s.getOutputStream();     // problematic line               
                        ObjectOutputStream oos=new ObjectOutputStream(out);
                           }          
    see why would i post here if i don't feel that i can get a genuine help. And why would i not follow the suggestions if they are valuable and helping. Please don't draw conclusions out of air.

    Edited by: Muralidhar on May 22, 2013 7:19 AM
  • 28. Re: socket.getOutputStream getting blocked for significant amount of time?
    EJP Guru
    Currently Being Moderated
    why would i post here
    Why would you re-post code that you had already been advised to modify?
    Please don't draw conclusions out of air.
    My conclusions are based on your actions.

    The point is that by enabling extra cipher suites that aren't going to be present in production, according to a statement you made above, you aren't testing the same thing that you need to test in production. The problem could conceivably be due to the anonymous cipher suite.

    The other point is that when people give advice and see it ignored they tend to react accordingly.
  • 29. Re: socket.getOutputStream getting blocked for significant amount of time?
    Murray9654 Newbie
    Currently Being Moderated
    EJP wrote:
    why would i post here
    Why would you re-post code that you had already been advised to modify?
    I don't know when i have re posted the code. first time when suggested to remove i thought i have removed by enabling all cipher suites including disabled ones. after that there was suggestion saying that it was not right so i have worked hard and then removed them permanently and posted the code just now when u made a statement that i have not followed suggestions.
    Please don't draw conclusions out of air.
    My conclusions are based on your actions.
    I am not sure what i have done.
    >
    The point is that by enabling extra cipher suites that aren't going to be present in production, according to a statement you made above, you aren't testing the same thing that you need to test in production. The problem could conceivably be due to the anonymous cipher suite.
    Yes i completely agree. did u look at the code i have just posted. do you still think that i am using anonymous or disabled cipher suites? I have removed them. None were there in my code.
    >
    The other point is that when people give advice and see it ignored they tend to react accordingly.
    Sorry if i made you feel that way.

Legend

  • Correct Answers - 10 points
  • Helpful Answers - 5 points