Received less than 32 byte nonce from the server
September 9, 2021
14:36, EEST
rocket science
Member
Members
Forum Posts: 88
Member Since:
March 16, 2017

Hi,

I’ve problems connecting to a particular OpcUa server. The error message is:
com.prosysopc.ua.client.ConnectException: Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.1:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]

Is it a problem of the client SDK or is it a problem on the OpcUa server?

When connecting to the server using UA-Expert, the connections can be established.

Any idea what I can do in such a case?

2021-09-09 11:40:03,119 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Connecting
2021-09-09 11:40:03,119 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: Connected (non-reverse), handshake completed, local=/192.168.1.12:56695, remote=/192.168.1.1:55511
2021-09-09 11:40:03,135 com.prosysopc.ua.client.UaClient: Failed to CloseSession:
ServiceFault [ResponseHeader="ResponseHeader [Timestamp="09/09/21 11:40:03.1198200 GMT", RequestHandle="2", ServiceResult="Bad_SessionIdInvalid (0x80250000) "The session id is not valid."",
ServiceDiagnostics="Diagnostic Info:
", StringTable="null", AdditionalHeader="null"]"]
at com.prosysopc.ua.stack.transport.impl.AsyncResultImpl.waitForResult(SourceFile:282)
at com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp.serviceRequest(SourceFile:869)
at com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp.serviceRequest(SourceFile:808)
at com.prosysopc.ua.stack.application.SessionChannel.serviceRequest(SourceFile:399)
at com.prosysopc.ua.stack.transport.ChannelService.CloseSession(SourceFile:511)
at com.prosysopc.ua.client.UaClient.d(SourceFile:5144)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:989)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:965)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:949)
at com.prosysopc.ua.client.UaClient.connect(SourceFile:928)
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp: 405400713 Closed
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Closed
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Closed (expected)
com.prosysopc.ua.client.ConnectException: Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.1:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]
Diagnostics=Diagnostic Info:
Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.11:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]
at com.prosysopc.ua.client.UaClient.G(SourceFile:5355)
at com.prosysopc.ua.client.UaClient.connect(SourceFile:902)

September 9, 2021
15:41, EEST
Bjarne Boström
Moderator
Moderators
Forum Posts: 1026
Member Since:
April 3, 2012

Hi,

The server side must be fixed.

In CreateSession and ActivateSession the nonce must _always_ exist and be at least 32 bytes: https://reference.opcfoundation.org/Core/docs/Part4/5.6.2/
"serverNonce ByteString A random number that should never be used in any other request.
This number shall have a minimum length of 32 bytes.
The Client shall use this value to prove possession of its Application Instance Certificate in the ActivateSession request.
This value may also be used to prove possession of the userIdentityToken it specified in the ActivateSession request."
https://reference.opcfoundation.org/Core/docs/Part4/5.6.3/
"serverNonce ByteString A random number that should never be used in any other request.
This number shall have a minimum length of 32 bytes.
The Client shall use this value to prove possession of its Application Instance Certificate in the next call to ActivateSession request."

It should be noted that this nonce length is separate from the OpenSecureChannel nonces, which are defined by Part 7 Profiles.

UaClient does currently make one exception to this, if all 3 match:
– MessageSecurityMode is None
– SecurityPolicy is NONE
– UserTokenType in set UserIdentity is UserTokenType.Anonymous

Then we can ignore it, since it would not be used in anything.

The nonce is used in 2 places: for ApplicationInstanceCertificate validation and user identity signing/encryption. It prevents some attacks since some encrypted parts do not repeat due to unique nonces being used as part of the process.
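
The check described in the answer above, sketched as an added example that is not part of the forum posts and is not Prosys SDK code. The class, enums and method names are hypothetical, and the inputs in main are constructed; it applies the 32-byte minimum, the single None/None/Anonymous exception, and the "never be used in any other request" rule from the quoted specification text.

```java
import java.security.SecureRandom;
import java.util.HashSet;
import java.util.Set;

// Added illustration; these types are hypothetical and are not Prosys SDK classes.
public class ServerNonceCheck {
    enum SecurityMode { NONE, SIGN, SIGN_AND_ENCRYPT }
    enum TokenType { ANONYMOUS, USER_NAME, CERTIFICATE, ISSUED_TOKEN }

    static final int MIN_NONCE_LENGTH = 32; // Part 4, 5.6.2 and 5.6.3
    static final String POLICY_NONE = "http://opcfoundation.org/UA/SecurityPolicy#None";

    // Nonces already accepted on this connection, stored as hex for value equality.
    private final Set<String> seen = new HashSet<>();

    /** Returns null if the nonce is acceptable, otherwise the reason for rejecting it. */
    String check(byte[] nonce, SecurityMode mode, String policyUri, TokenType token) {
        // The nonce is unused only when all three conditions from the post hold.
        boolean unused = mode == SecurityMode.NONE
                && POLICY_NONE.equals(policyUri)
                && token == TokenType.ANONYMOUS;
        int length = (nonce == null) ? 0 : nonce.length;
        if (length < MIN_NONCE_LENGTH) {
            // Nothing is signed or encrypted with it in the exception case.
            return unused ? null : "nonce shorter than 32 bytes, was: " + length;
        }
        if (!seen.add(toHex(nonce))) {
            return "nonce was already used in an earlier response";
        }
        return null;
    }

    private static String toHex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    public static void main(String[] args) {
        ServerNonceCheck c = new ServerNonceCheck();
        byte[] good = new byte[32];
        new SecureRandom().nextBytes(good); // constructed input, not captured traffic
        String policy = "constructed-policy-uri"; // placeholder for any policy other than None
        System.out.println(c.check(null, SecurityMode.NONE, POLICY_NONE, TokenType.ANONYMOUS));
        System.out.println(c.check(null, SecurityMode.NONE, POLICY_NONE, TokenType.USER_NAME));
        System.out.println(c.check(good, SecurityMode.SIGN, policy, TokenType.USER_NAME));
        System.out.println(c.check(good, SecurityMode.SIGN, policy, TokenType.USER_NAME));
    }
}
```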
