I'm currently looking into setting up a client/server application using Akka remote actors to communicate. As a part of that setup, I would like to enable the built-in SSL mode, which is supported through Netty.
However, I'm not entirely sure how exactly to set the parameters, even though I have tried a number of different combinations.
I have used http://doc.akka.io/docs/akka/2.2.0/java/remoting.html for reference on the different parameters.
For creating the keystore and truststore, I have used the guide in this link: http://www.ibm.com/developerworks/library/j-customssl/sidebar.html
The relevant part of my configuration looks like this on the client:

    remote {
      enabled-transports = ["akka.remote.netty.ssl"]
      netty.ssl {
        host = ""
        port = 0
        enable-ssl = true
      }
      netty.ssl.security {
        key-store = "ServiceTesterClientKeys"
        trust-store = "clientTrust"
        key-store-password = "XX"
        key-password = "XX"
        trust-store-password = "YY"
        protocol = "TLSv1"
        random-number-generator = "AES128CounterSecureRNG"
        enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
      }
    }

and like this on the server:

    remote {
      enabled-transports = ["akka.remote.netty.ssl"]
      netty.ssl {
        hostname = ""
        port = 2562
        enable-ssl = true
      }
      netty.ssl.security {
        key-store = "serverKeys"
        trust-store = "serverTrust"
        key-store-password = "YY"
        key-password = "YY"
        trust-store-password = "XX"
        protocol = "TLSv1"
        random-number-generator = "AES128CounterSecureRNG"
        enabled-algorithms = [TLS_RSA_WITH_AES_128_CBC_SHA]
      }
    }

Do I need to add the properties or can Akka find it as long as it's on the classpath?
-Djavax.net.ssl.keyStore=A
-Djavax.net.ssl.trustStore=B
At runtime I get a long stack, but in the beginning it says:
[MySystem-akka.actor.default-dispatcher-11] ERROR akka.remote.EndpointWriter - AssociationError [akka.ssl.tcp://[email protected]:10693] -> [akka.ssl.tcp://MyServerSystem@localhost:2562]: Error [Association failed with [akka.ssl.tcp://MyServerSystem@localhost:2562]] [ akka.remote.EndpointAssociationException: Association failed with [akka.ssl.tcp://MyServerSystem@localhost:2562]
Caused by: akka.remote.transport.netty.NettyTransport$$anonfun$associate$1$$anon$2: Failed to initialize a pipeline.
Caused by: akka.remote.RemoteTransportException: Client SSL connection could not be established because SSL context could not be constructed.
Help would be very much appreciated. Regards Stefan
Okay, I have looked further into the issue.
The problem was related to the random-number-generator = "AES128CounterSecureRNG" property. Instead, I have chosen to use the default implementation.
I guess I will need to add the provider if I want to use this implementation.
For those who looked, thanks for your time.
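
The "SSL context could not be constructed" error in the question does not say which setting failed. The following standalone check is an added example, not code from the post or from Akka: it builds a JSSE context step by step from the same kinds of settings and names the one that fails. The class name and the environment variable names are hypothetical, and it assumes the stores are files on disk in the JVM's default keystore format.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.SecureRandom;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added diagnostic, not Akka code: builds an SSLContext one step at a time.
public class SslSettingsCheck {
    // Passwords come from environment variables (hypothetical names), not argv.
    static char[] env(String name) {
        String v = System.getenv(name);
        if (v == null) throw new IllegalStateException("environment variable " + name + " is not set");
        return v.toCharArray();
    }

    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // args: keyStorePath trustStorePath protocol [rngAlgorithm]
    public static void main(String[] a) {
        if (a.length < 3) {
            System.err.println("usage: SslSettingsCheck keyStore trustStore protocol [rngAlgorithm]");
            System.exit(2);
        }
        String step = "key-store / key-store-password / key-password";
        try {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(load(a[0], env("KEY_STORE_PASSWORD")), env("KEY_PASSWORD"));
            step = "trust-store / trust-store-password";
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(a[1], env("TRUST_STORE_PASSWORD")));
            step = "random-number-generator";
            // A named algorithm must resolve against this JVM's registered providers.
            SecureRandom rng = a.length > 3 ? SecureRandom.getInstance(a[3]) : new SecureRandom();
            step = "protocol";
            SSLContext ctx = SSLContext.getInstance(a[2]);
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), rng);
            System.out.println("OK: " + ctx.getProtocol() + " context built, RNG " + rng.getAlgorithm());
        } catch (Exception e) {
            System.err.println("FAILED at " + step + ": " + e);
            System.exit(1);
        }
    }
}
```

A NoSuchAlgorithmException reported at the random-number-generator step means no security provider registered in that JVM supplies the requested name; omitting the fourth argument tests the same stores and protocol with the JVM default generator.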