Avatar

Please consider registering
guest

sp_LogInOut Log In sp_Registration Register

Register | Lost password?
sp_Search Search
Advanced Search
Advanced Search

— Forum Scope —




— Match —





— Forum Options —





Minimum search word length is 3 characters - maximum search word length is 84 characters

sp_Search Search
Go to Bottom
No permission to create posts
sp_Feed Topic RSS sp_TopicIcon
Received less than 32 byte nonce from the server
September 9, 2021
14:36, EEST
Avatar
rocket science
Member
Members
Forum Posts: 77
Member Since:
March 16, 2017
sp_UserOfflineSmall Offline
Go to Top
1sp_Permalink sp_Print

Hi,

I’ve problems connection to a particular OpcUa server. The error message is:
com.prosysopc.ua.client.ConnectException: Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.1:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]

Is it a problem of the client SDK or is it a problem on the OpcUa server?

When connecting to the server using UA-Expert, the connections can be established.

Any idea what I can do in such a case?

2021-09-09 11:40:03,119 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Connecting
2021-09-09 11:40:03,119 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: Connected (non-reverse), handshake completed, local=/192.168.1.12:56695, remote=/192.168.1.1:55511
2021-09-09 11:40:03,135 com.prosysopc.ua.client.UaClient: Failed to CloseSession:
ServiceFault [ResponseHeader=”ResponseHeader [Timestamp=”09/09/21 11:40:03.1198200 GMT”, RequestHandle=”2″, ServiceResult=”Bad_SessionIdInvalid (0x80250000) “The session id is not valid.””,
ServiceDiagnostics=”Diagnostic Info:
“, StringTable=”null”, AdditionalHeader=”null”]”]
at com.prosysopc.ua.stack.transport.impl.AsyncResultImpl.waitForResult(SourceFile:282)
at com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp.serviceRequest(SourceFile:869)
at com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp.serviceRequest(SourceFile:808)
at com.prosysopc.ua.stack.application.SessionChannel.serviceRequest(SourceFile:399)
at com.prosysopc.ua.stack.transport.ChannelService.CloseSession(SourceFile:511)
at com.prosysopc.ua.client.UaClient.d(SourceFile:5144)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:989)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:965)
at com.prosysopc.ua.client.UaClient.disconnect(SourceFile:949)
at com.prosysopc.ua.client.UaClient.connect(SourceFile:928)
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.SecureChannelTcp: 405400713 Closed
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Closed
2021-09-09 11:40:03,151 com.prosysopc.ua.stack.transport.tcp.io.TcpConnection: /192.168.1.1:55511 Closed (expected)
com.prosysopc.ua.client.ConnectException: Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.1:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]
Diagnostics=Diagnostic Info:
Received less than 32 byte nonce from the server, was:null: opc.tcp://192.168.1.11:55511 [http://opcfoundation.org/UA/SecurityPolicy#None,None]
at com.prosysopc.ua.client.UaClient.G(SourceFile:5355)
at com.prosysopc.ua.client.UaClient.connect(SourceFile:902)

September 9, 2021
15:41, EEST
Avatar
Bjarne Boström
Moderator
Moderators
Forum Posts: 983
Member Since:
April 3, 2012
sp_UserOfflineSmall Offline
Go to Top
2sp_Permalink sp_Print

Hi,

The server side must be fixed.

In CreateSession and ActivateSession the nonce must _always_ exist and be at least 32bytes: https://reference.opcfoundation.org/Core/docs/Part4/5.6.2/
” serverNonce ByteString A random number that should never be used in any other request.
This number shall have a minimum length of 32 bytes.
The Client shall use this value to prove possession of its Application Instance Certificate in the ActivateSession request.
This value may also be used to prove possession of the userIdentityToken it specified in the ActivateSession request.”
https://reference.opcfoundation.org/Core/docs/Part4/5.6.3/
” serverNonce ByteString A random number that should never be used in any other request.
This number shall have a minimum length of 32 bytes.
The Client shall use this value to prove possession of its Application Instance Certificate in the next call to ActivateSession request.”

It should be noted that this nonce-length is separate from the OpenSecureChannel nonces, which are affected defined by Part 7 Profiles.

UaClient does currently make one exception to this, if all 3 match:
– MessageSecurityMode is None
– SecurityPolicy is NONE
– UserTokenType in set UserIdentity is UserTokenType.Anonymous

Then we can ignore it, since it would not be used in anything.

The nonce is used in 2 places for ApplicationInstanceCertificate validation and useridentity signing/encryption. It prevents some attacks since some encrypted parts do not repeat due to unique nonces being used as part of the process.

No permission to create posts
sp_Feed All RSS
Go to top
Forum Timezone: Europe/Helsinki

Most Users Ever Online: 518

Currently Online:
22 Guest(s)

Currently Browsing this Page:
1 Guest(s)

Top Posters:

hbrackel: 135

pramanj: 86

Francesco Zambon: 81

rocket science: 77

Ibrahim: 76

Sabari: 62

kapsl: 57

gjevremovic: 49

Xavier: 43

fred: 41

Member Stats:

Guest Posters: 0

Members: 681

Moderators: 16

Admins: 1

Forum Stats:

Groups: 3

Forums: 15

Topics: 1467

Posts: 6261

Newest Members:

graciela2073, sagarchau, elviralangwell4, Donnavek, Eddiefauth, DonaldPooma, fidelduke938316, Jan-Pfizer, DavidROunc, fen.pang@woodside.com

Moderators: Jouni Aro: 1010, Otso Palonen: 32, Tuomas Hiltunen: 5, Pyry: 1, Petri: 0, Bjarne Boström: 983, Heikki Tahvanainen: 402, Jukka Asikainen: 1, moldzh08: 0, Jimmy Ni: 26, Teppo Uimonen: 21, Markus Johansson: 42, Niklas Nurminen: 0, Matti Siponen: 321, Lusetti: 0, Ari-Pekka Soikkeli: 5

Administrators: admin: 1