(this is running jboss eap7.0 on a Windows machine )I Generated a jax-ws client to connect to external web service.
It is using https with an url of https://smartpayform.com/api/transaction/transaction.asmx
I have exported the site certificate and inserted into a keystore I created. I could not find enough detail on how to configure jboss directly (in standalone.xml or cli), so I
found some java code to add the certificate to the jax-ws client:
SSLContext sc = SSLContext.getInstance("TLS");
KeyManagerFactory kmf = KeyManagerFactory.getInstance( KeyManagerFactory.getDefaultAlgorithm() );
KeyStore ks = KeyStore.getInstance( KeyStore.getDefaultType() );
ks.load(new FileInputStream( "C:\\Users\\amikaml\\.keystore" ), certPassword.toCharArray() );
kmf.init( ks, certPassword.toCharArray() );
sc.init( kmf.getKeyManagers(), null, null );
binding.getRequestContext().put("com.sun.xml.internal.ws.transport.https.client.SSLSocketFactory",sc.getSocketFactory() );
That code runs without any exceptions. When I execute the SOAP call, I am getting the error below. If I try to access the web service outside EAP with a plain old, standalone java app, it works fine. What am I doing wrong?
Caused by: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed
at java.net.SocketInputStream.socketRead0(Native Method) ~[?:1.8.0_111]
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116) ~[?:1.8.0_111]
at java.net.SocketInputStream.read(SocketInputStream.java:170) ~[?:1.8.0_111]
at java.net.SocketInputStream.read(SocketInputStream.java:141) ~[?:1.8.0_111]
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465) ~[?:?]
at sun.security.ssl.InputRecord.read(InputRecord.java:503) ~[?:?]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973) ~[?:?]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:?]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:?]
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) ~[?:?]
Caused by: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.socketRead(SocketInputStream.java:116)
at java.net.SocketInputStream.read(SocketInputStream.java:170)
at java.net.SocketInputStream.read(SocketInputStream.java:141)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
at sun.security.ssl.InputRecord.read(InputRecord.java:503)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream0(HttpURLConnection.java:1316)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1291)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.setupWrappedStream(URLConnectionHTTPConduit.java:236)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.handleHeadersTrustCaching(HTTPConduit.java:1319)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.onFirstWrite(HTTPConduit.java:1279)
at org.apache.cxf.transport.http.URLConnectionHTTPConduit$URLConnectionWrappedOutputStream.onFirstWrite(URLConnectionHTTPConduit.java:267)
at org.apache.cxf.io.AbstractWrappedOutputStream.write(AbstractWrappedOutputStream.java:47)
at org.apache.cxf.io.AbstractThresholdOutputStream.write(AbstractThresholdOutputStream.java:69)
at org.apache.cxf.transport.http.HTTPConduit$WrappedOutputStream.close(HTTPConduit.java:1332)
UPDATE
I turned on full ssl debug logging in jboss. I see that the certificate for the endpoint is loaded:
Subject: CN=*.smartpayform.com, OU=Domain Control Validated
Issuer: CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
Algorithm: RSA; Serial number: 0xc2d0a153e5915039e88cbf7
Valid from Mon Sep 05 12:33:58 EDT 2016 until Wed Sep 06 12:33:58 EDT 2017
and here is a more complete trace of the socket error:
handling exception: java.net.SocketException: Unrecognized Windows Sockets error: 0: recv failed
SEND TLSv1.2 ALERT: fatal, description = unexpected_message
WRITE: TLSv1.2 Alert, length = 2
Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
called closeSocket()
called close()
called closeInternal(true)
The 1st three rows below from wireshark, shows the connection that does not work. You will notice it is using SSL. The second set of lines is from running the same soap call in soapui. You will see that it has "TLSv1" for the Client Hello. So I am guessing that is the problem, but not sure why.
From java.net.SocketException: Unrecognized Windows Sockets error: 0: JVM_Bind (JBOSS)
This problem occurs on some Windows systems that have the IPv6 TCP Stack installed. If both IPv4 and IPv6 are installed on the computer, the Java Virtual Machine (JVM) may have problems closing or opening sockets at the operating system level.
Add the following JVM option:
-Djava.net.preferIPv4Stack=true
Related
I have a middleware (developped with Tibco ActiveMatrix BusinessWorks, but I don't think it's very important) that have been working for months, and suddently on 2020-10-17 started to fail on a high number of requests (around 8000) with the error:
javax.ws.rs.ProcessingException: javax.net.ssl.SSLException: SSL peer shut down incorrectly
Any idea why this error would suddently start occuring, and how to solve it ? Thanks in advance.
Full stacktrace:
Job-3158 Error in [BusinessProcesses/AgendasSecurises/Helpers/Gmail/Get Event.process/Get Event] Activity invocation failed at com.tibco.pe.plugin.Activity.postEval(Unknown Source) at com.tibco.pe.plugin.Activity.postEval(Unknown Source) at com.tibco.pe.core.TaskImpl.eval(Unknown Source) at com.tibco.pe.core.Job.a(Unknown Source) at com.tibco.pe.core.Job.k(Unknown Source) at com.tibco.pe.core.JobDispatcher$JobCourier.a(Unknown Source) at com.tibco.pe.core.JobDispatcher$JobCourier.run(Unknown Source) caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLException: SSL peer shut down incorrectly at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287) at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252) at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:701) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.process(Errors.java:228) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444) at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:697) at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:420) at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:316) at com.tibco.plugin.json.activities.RestActivity.doGet(RestActivity.java:485) at com.tibco.plugin.json.activities.RestActivity.doService(RestActivity.java:473) at com.tibco.plugin.json.activities.RestActivity$1.run(RestActivity.java:418) at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(Unknown Source) Caused by: javax.net.ssl.SSLException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:596) at sun.security.ssl.InputRecord.read(InputRecord.java:532) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:990) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:399) at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285) ... 13 more
This is very likely that something changed on the server side on the mentioned date.
It could be a change of certificate or some changes that require use of a robust encryption library (for example TLS 1.2 might now be mandatory).
If you are using a recent version of BusinessWorks TLS 1.2 should be enabled by default. If you are using older versions (6.3.x) you may have to edit the bwappnode.tra file with the following :
java.extended.properties=-Xmx1024m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttps.protocols=TLSv1.1,TLSv1.2
You can use the elements from the following TIBCO KB to get more trace and debug your issue:
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-44615
I've suddenly been getting these errors when making HTTP requests:
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1002)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:290)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:259)
at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:125)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:319)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at com.mashape.unirest.http.HttpClientHelper.request(HttpClientHelper.java:138)
... 24 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
... 41 more
It didn't always do this, it was working fine for awhile. I then used different libraries and even a different IntelliJ project for testing, still the same issues. Things I've tried:
Changing the endpoint I'm using
Setting the TLS version to TLSv1.2 (as I found when making a browser request)
I can load the endpoint fine with a browser and Postman. My code (using the Unirest library):
System.setProperty("https.protocols", "TLSv1.2");
System.out.println(Unirest.get("https://bittrex.com/api/v1.1/public/getmarketsummary?market=btc-ltc").asString().getBody());
I'm at a loss as to what could be causing this issue, and it's extremely frustrating. Any help would be appreciated.
EDIT: Updating to JDK10 fixed the issue. See the chosen answer and it's comment thread for more info.
First, turn on SSL debug: -Djavax.net.debug=all
Redirect your code's stdout to a file and check it for errors around handshaking.
If you examine the url you use with nmap or openssl:
nmap --script ssl-enum-ciphers -p <port> <host>
or
openssl s_client -connect <host>:<port>
(host: bittrex.com, port: 443)
you can see that is uses TLSv1.2 and ECDHE-ECDSA-AES128-GCM-SHA256 cypher:
New, TLSv1/SSLv3, Cipher is ECDHE-ECDSA-AES128-GCM-SHA256
Server public key is 256 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-ECDSA-AES128-GCM-SHA256
Depending on your JDK version, you may need to install JCE extension and/or specify this cypher.
To be sure, you should print out the current supported cyphers using this little java code. If ECDHE-ECDSA-AES128-GCM-SHA256 not listed, this is your problem.
I'm facing issue connecting to LDAPS from my application. I have imported all necessary certificates on JRE keystore.
I'm able to make calls to LDAPs when I put the following string in java.security
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
When I change this line to
jdk.tls.disabledAlgorithms=MD5, DSA, DESede, DES_CBC, DHE, RC4, SSLv3, ECDH_anon, DH_anon, NULL, DH keySize < 768, RSA keySize < 2048
my connection fails with following error:
Caused by: javax.naming.CommunicationException: simple bind failed: testxxxxl.xxxx.com:636 [Root exception is java.net.SocketException: Socket closed]
at com.sun.jndi.ldap.LdapClient.authenticate(LdapClient.java:218)
at com.sun.jndi.ldap.LdapCtx.connect(LdapCtx.java:2740)
at com.sun.jndi.ldap.LdapCtx.<init>(LdapCtx.java:316)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURL(LdapCtxFactory.java:193)
at com.sun.jndi.ldap.LdapCtxFactory.getUsingURLs(LdapCtxFactory.java:211)
at com.sun.jndi.ldap.LdapCtxFactory.getLdapCtxInstance(LdapCtxFactory.java:154)
at com.sun.jndi.ldap.LdapCtxFactory.getInitialContext(LdapCtxFactory.java:84)
at org.jboss.as.naming.InitialContext.getDefaultInitCtx(InitialContext.java:122)
... 72 more
Caused by: java.net.SocketException: Socket closed
at java.net.SocketInputStream.socketRead0(Native Method)
at java.net.SocketInputStream.read(SocketInputStream.java:152)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at sun.security.ssl.InputRecord.readFully(InputRecord.java:442)
at sun.security.ssl.InputRecord.read(InputRecord.java:480)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:934)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1332)
at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:709)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:431)
at com.sun.jndi.ldap.Connection.writeRequest(Connection.java:404)
at com.sun.jndi.ldap.LdapClient.ldapBind(LdapClient.java:358)
In wireshark it complains about certificate invalid.My question is if my certificate is invalid, it shouldn't be working with this line as well.
jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048
Please help me to solve the issue.
If you use a secure connection to the LDAP server and you see an error like the following when trying to connect to Active Directory:
simple bind failed: ad.hostname.com:636
Import the LDAP server public certificate directly into the Klocwork keystore (which should be_jvm\lib\security\cacerts).
This causes the certificate validation process at the Klocwork end to be bypassed, since you have decided to trust the LDAP server certificate by importing it into your list of trusted certificates.
Ask your LDAP administrator to set this extension of your LDAP server certificate to non-critical.
In recent versions of Java the TLSv1 has been disabled.
In my case this happened when upgrading from Java 8 to Java 11.
Re-enabling TLSv1 helped. It is as easy as defining property:
-Djdk.tls.client.protocols=TLSv1
Of course you can need also other protocols, so you can specify full list:
-Djdk.tls.client.protocols=TLSv1,TLSv1.1,TLSv1.2,TLSv1.3
I am trying to figure out why am having this type of exception all over the log file!!!!
Looking on some internet posts, apparently they talk about network interruption !!!
javax.ws.rs.ProcessingException: RESTEASY004655: Unable to invoke request
at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:287)
at com.agfa.orbis.core.client.service.rest.ClientHttpEngineWrapper.invoke(ClientHttpEngineWrapper.java:59)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:436)
at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:471)
at com.agfa.hap.base.server.ServerValidationRestCalls.getDatabase(ServerValidationRestCalls.java:51)
at com.agfa.hap.base.server.ServerValidationRestCalls.getDatabaseIdentifier(ServerValidationRestCalls.java:101)
at com.agfa.hap.base.server.ClientServerDBConsistence.determineServerDBIdentifier(ClientServerDBConsistence.java:148)
at com.agfa.hap.base.server.ClientServerDBConsistence.isClientAndIndividualServerDBIdentical(ClientServerDBConsistence.java:230)
at com.agfa.hap.base.server.ServerConnectionManager.isClientAndIndividualServerDBIdentical(ServerConnectionManager.java:329)
at com.agfa.hap.base.server.ServerConnectionManager.checkAppServerDatabaseConsistency(ServerConnectionManager.java:286)
at com.agfa.hap.base.server.ServerConnectionManager.executeServerConnectionReview(ServerConnectionManager.java:202)
at com.agfa.hap.base.server.ServerConnectionManager.checkServerConnection(ServerConnectionManager.java:175)
at com.agfa.hap.base.server.ServerConnectionManager$2.run(ServerConnectionManager.java:259)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
at org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine.invoke(ApacheHttpClient4Engine.java:283)
... 15 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:505)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)
... 28 more
Any clue about such exception ?
It isn't a network interruption (or an invalid / expired SSL cert). What has happened is the remote end has closed the connection in the middle of the SSL connection negotiation. Most likely it is because there is a mismatch between requested and supported protocol versions or crypto algorithms.
You need to turn on debugging messages for the SSL protocol stack; e.g. using -Djavax.net.debug=all. That will give you more information, and from that you can figure out what you need to do to fix the mismatch.
I am getting javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake exception when I try to do Https get of a web service
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139)
at com.cl.fwk.services.http.impl.WebServiceImpl.get(WebServiceImpl.java:241)
... 28 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 46 more
My Configuration for HTTP Connector:
Connector connector = new Connector(Http11NioProtocol.class.getName());
Http11NioProtocol protocol = (Http11NioProtocol)
connector.getProtocolHandler();
protocol.setKeystoreFile("./Tests/Properties/keystore_local.ks");
protocol.setKeystorePass("changeit");
protocol.setSSLEnabled(true);
protocol.setSslProtocol("TLS"); // TLSv1
protocol.setClientAuth("true");
protocol.setMaxThreads(200);
protocol.setSecure(true);
connector.setPort(443);
protocol.setConnectionTimeout(30000);
tomcat.getService().addConnector(connector);
In any case, is there anything I can do to my code to get around this problem? Here is the error in full:
main, WRITE: TLSv1 Handshake, length = 48
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated: [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT: fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 32
main, called closeSocket()
That is a problem of security protocol. you are using TLSv1 but the host accept only TLSv1.1 and TLSv1.2 then you have to change the protocol in Java with the instruction below:
protocol.setProperty("https.protocols", "TLSv1.1");
Try changing protocol.setSslProtocol("TLS") to "TLSv1.1" or "TLSv1.2"
There are two things you can do :
url you are trying to access may not have a CA certified certificate so ask for certificate or you can import certificate in cacerts(java runtime) and then try to access or else second : you can disable truststore(trust all certificate ) which obviously not at all recommended from security point of view.
You can refer here