I am using SSLEngine to communicate with an SSL client over USB.
The handshake passes correctly and I start getting encrypted data, but when I transfer a specific piece of data, it sends me a "Close Notify" message (15 03 03..) and I can't figure out why.
The specific message should have no issue; I confirmed it many times.
I triple-checked the certificate and private key; they are the correct ones (and not compromised or anything).
I thought perhaps the client is trying to re-handshake, but as far as I understand, re-handshaking should start with a Client Hello and not a Close Notify (correct?).
These are the current settings:
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Accepts ANY certificate chain: with this in place, setNeedClientAuth(true) below
// only requires that the client presents a certificate, it does not validate it.
TrustManager[] dummyTrustManager = new TrustManager[] { new X509TrustManager() {
    public X509Certificate[] getAcceptedIssuers() {
        // The X509TrustManager contract requires a non-null (possibly empty) array;
        // the original returned null here.
        return new X509Certificate[0];
    }
    public void checkClientTrusted(X509Certificate[] certs, String authType) {
    }
    public void checkServerTrusted(X509Certificate[] certs, String authType) {
    }
} };

// Server certificate and private key come from a PKCS#12 file in the app's assets.
KeyStore keyStore = KeyStore.getInstance("PKCS12");
try (InputStream kstore = activity.getAssets().open("my_file.pfx")) {
    keyStore.load(kstore, "my_pass".toCharArray());
}
KeyManagerFactory kmf = KeyManagerFactory
        .getInstance(KeyManagerFactory.getDefaultAlgorithm());
kmf.init(keyStore, "my_pass".toCharArray());

SSLContext ctx = SSLContext.getInstance("TLS");
// getInstanceStrong() exists on Android only from API 26 and can block on some JVMs.
ctx.init(kmf.getKeyManagers(), dummyTrustManager,
        SecureRandom.getInstanceStrong());

// Server-side engine that demands a client certificate during the handshake.
sslEngine = ctx.createSSLEngine();
sslEngine.setUseClientMode(false);
sslEngine.setNeedClientAuth(true);
Also, I created the pfx file using the following link. I know that the client has the root certificate pinned, so I do not need to make the chain, but I tried it both ways.
Is there anything wrong with the code or with the command to make the pfx? If not, what can cause a Close Notify?
Again, a reminder that the handshake passed and the Close Notify came after at least 20 messages were encrypted/decrypted correctly.
Close Notify is simply a normal TLS connection shutdown. Thus something you've sent made the server close the connection. This has nothing to do with TLS itself. Maybe you've implemented the (unknown) application protocol in the wrong way, failed to authenticate properly, or maybe explicitly issued an application command to close the connection.
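One practical check that follows from the answer above. On the wire, an encrypted alert record looks the same whether it carries close_notify or a fatal alert: the "15 03 03" header is only the content type (0x15 = alert) plus the TLS 1.2 record-layer version; the alert level and description sit inside the encrypted payload. After the handshake the reliable way to tell them apart is what SSLEngine.unwrap() reports: a CLOSED status for a verified close_notify, an SSLException for a fatal alert. The class below is an added example written for this page, not code from the question or the answer; it assumes a hypothetical Transport interface over the USB link, since the question does not show how the bytes are moved.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;

/**
 * Feeds raw inbound bytes into SSLEngine.unwrap() and reports whether the
 * result is application data, an incomplete record, or the peer's close_notify.
 * Hypothetical helper for this page, not the question's or the answer's code.
 */
public final class TlsInboundPump {

    /** Assumed abstraction over the USB link; the question does not show one. */
    public interface Transport {
        int read(ByteBuffer dst) throws IOException;    // bytes read, or -1 at end of stream
        void write(ByteBuffer src) throws IOException;  // writes every remaining byte of src
    }

    public enum Outcome { APP_DATA, NEED_MORE, PEER_CLOSED }

    private final SSLEngine engine;
    private final Transport transport;
    private final ByteBuffer netIn;   // encrypted bytes from the peer
    private final ByteBuffer netOut;  // encrypted bytes to the peer

    public TlsInboundPump(SSLEngine engine, Transport transport) {
        this.engine = engine;
        this.transport = transport;
        int packetSize = engine.getSession().getPacketBufferSize();
        this.netIn = ByteBuffer.allocate(packetSize);
        this.netOut = ByteBuffer.allocate(packetSize);
    }

    /**
     * Reads one batch from the transport and decrypts complete records into appIn.
     * CLOSED from unwrap() means a verified close_notify arrived: a clean shutdown,
     * not a TLS failure. A fatal alert from the peer surfaces as an SSLException.
     */
    public Outcome pump(ByteBuffer appIn) throws IOException {
        if (transport.read(netIn) < 0) {
            // Stream ended without close_notify: truncated, treat as an error.
            throw new SSLException("transport closed without close_notify");
        }
        netIn.flip();
        try {
            records:
            while (netIn.hasRemaining()) {
                SSLEngineResult r = engine.unwrap(netIn, appIn);
                switch (r.getStatus()) {
                    case OK:
                        runDelegatedTasks();
                        break;
                    case BUFFER_UNDERFLOW:
                        // Only part of a record is buffered; keep it and read again.
                        break records;
                    case BUFFER_OVERFLOW:
                        throw new SSLException("appIn needs at least "
                                + engine.getSession().getApplicationBufferSize() + " bytes");
                    case CLOSED:
                        // Peer sent close_notify. Answer with our own so both
                        // directions shut down cleanly, then stop reading.
                        engine.closeOutbound();
                        flushCloseNotify();
                        return Outcome.PEER_CLOSED;
                }
            }
        } finally {
            netIn.compact();  // retain any partial record for the next call
        }
        return appIn.position() > 0 ? Outcome.APP_DATA : Outcome.NEED_MORE;
    }

    /** Runs handshake tasks that unwrap() may have scheduled (e.g. a renegotiation). */
    private void runDelegatedTasks() {
        Runnable task;
        while ((task = engine.getDelegatedTask()) != null) {
            task.run();
        }
    }

    /** Produces and sends our outbound close_notify record(s). */
    private void flushCloseNotify() throws IOException {
        ByteBuffer empty = ByteBuffer.allocate(0);
        while (!engine.isOutboundDone()) {
            netOut.clear();
            engine.wrap(empty, netOut);
            netOut.flip();
            transport.write(netOut);
        }
    }
}
```

Call pump() in a loop once the handshake has finished. When it returns PEER_CLOSED, the peer closed on purpose; log the last application messages you wrapped before that point, because, as the answer says, the trigger is in that data, not in TLS.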