I am running a JMeter test with "Java Request" sampler which performs POST request to HTTPS service which uses TLS v1.2. The request fails with
2015/12/01 19:11:50 ERROR - jmeter.protocol.java.sampler.AbstractJavaSamplerClient: 2015-12-01T16:11:50.189Z message:**** Exception in JMeter node for Login java.lang.RuntimeException: Failed to getServerToken
at com.chrysler.loadtest.GUIMimicLogin.getServerToken(GUIMimicLogin.java:227)
at com.chrysler.loadtest.GUIMimicLogin.runTest(GUIMimicLogin.java:97)
at org.apache.jmeter.protocol.java.sampler.JavaSampler.sample(JavaSampler.java:191)
at org.apache.jmeter.threads.JMeterThread.process_sampler(JMeterThread.java:434)
at org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:261)
at java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:784)
at com.chrysler.loadtest.GUIMimicLogin.getServerToken(GUIMimicLogin.java:215)
... 5 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 18 more
JMeter used to work with this server when it used TLS v1.1. Is there a setting in JMeter properties which can set the applicable protocol.
The JMeter version is 2.13, Java version is 1.7.
This is an SSL error and can mean several things. Make sure you have TLS 1.2 enabled in your application (JVM argument?)(-Dhttps.protocols=TLSv1.2). You can use openssl to check the connection and see if you are getting back a certificate. If you are then check your keystore and make sure you have the correct certificate. You may not be authorized to access that server.
Related
I have a middleware (developped with Tibco ActiveMatrix BusinessWorks, but I don't think it's very important) that have been working for months, and suddently on 2020-10-17 started to fail on a high number of requests (around 8000) with the error:
javax.ws.rs.ProcessingException: javax.net.ssl.SSLException: SSL peer shut down incorrectly
Any idea why this error would suddently start occuring, and how to solve it ? Thanks in advance.
Full stacktrace:
Job-3158 Error in [BusinessProcesses/AgendasSecurises/Helpers/Gmail/Get Event.process/Get Event] Activity invocation failed at com.tibco.pe.plugin.Activity.postEval(Unknown Source) at com.tibco.pe.plugin.Activity.postEval(Unknown Source) at com.tibco.pe.core.TaskImpl.eval(Unknown Source) at com.tibco.pe.core.Job.a(Unknown Source) at com.tibco.pe.core.Job.k(Unknown Source) at com.tibco.pe.core.JobDispatcher$JobCourier.a(Unknown Source) at com.tibco.pe.core.JobDispatcher$JobCourier.run(Unknown Source) caused by: javax.ws.rs.ProcessingException: javax.net.ssl.SSLException: SSL peer shut down incorrectly at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:287) at org.glassfish.jersey.client.ClientRuntime.invoke(ClientRuntime.java:252) at org.glassfish.jersey.client.JerseyInvocation$2.call(JerseyInvocation.java:701) at org.glassfish.jersey.internal.Errors.process(Errors.java:315) at org.glassfish.jersey.internal.Errors.process(Errors.java:297) at org.glassfish.jersey.internal.Errors.process(Errors.java:228) at org.glassfish.jersey.process.internal.RequestScope.runInScope(RequestScope.java:444) at org.glassfish.jersey.client.JerseyInvocation.invoke(JerseyInvocation.java:697) at org.glassfish.jersey.client.JerseyInvocation$Builder.method(JerseyInvocation.java:420) at org.glassfish.jersey.client.JerseyInvocation$Builder.get(JerseyInvocation.java:316) at com.tibco.plugin.json.activities.RestActivity.doGet(RestActivity.java:485) at com.tibco.plugin.json.activities.RestActivity.doService(RestActivity.java:473) at com.tibco.plugin.json.activities.RestActivity$1.run(RestActivity.java:418) at com.tibco.pe.util.ThreadPool$ThreadPoolThread.run(Unknown Source) Caused by: javax.net.ssl.SSLException: SSL peer shut down incorrectly at sun.security.ssl.InputRecord.readV3Record(InputRecord.java:596) at sun.security.ssl.InputRecord.read(InputRecord.java:532) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:990) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1388) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1416) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1400) at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559) at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185) at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1570) at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1498) at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480) at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:352) at org.glassfish.jersey.client.internal.HttpUrlConnector._apply(HttpUrlConnector.java:399) at org.glassfish.jersey.client.internal.HttpUrlConnector.apply(HttpUrlConnector.java:285) ... 13 more
This is very likely that something changed on the server side on the mentioned date.
It could be a change of certificate or some changes that require use of a robust encryption library (for example TLS 1.2 might now be mandatory).
If you are using a recent version of BusinessWorks TLS 1.2 should be enabled by default. If you are using older versions (6.3.x) you may have to edit the bwappnode.tra file with the following :
java.extended.properties=-Xmx1024m -Xms128m -XX:+HeapDumpOnOutOfMemoryError -Dhttps.protocols=TLSv1.1,TLSv1.2
You can use the elements from the following TIBCO KB to get more trace and debug your issue:
https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-44615
My eclipse plugin application still gets SSLProtocolException: handshake alert: unrecognized_name on java version "1.8.0_141" although I followed some tips to disable SNI extension already.
[INFO] Property jsse.enableSNIExtension=false
[FATAL] javax.net.ssl.SSLProtocolException: handshake alert: unrecognized_name
at sun.security.ssl.ClientHandshaker.handshakeAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
Please help me on this case, thanks.
The unrecognized_name alert might be sent back by the server if the name sent with SNI is unexpected. But it might also be sent back if the server requires SNI to be used and no server name was sent by the client. Disabling SNI like you do can thus trigger the second case, i.e. the server requires SNI but the client does not provide it.
The correct way to deal with this error is to use the SNI extension and set the name to the one expected by the server.
I am launching a JNLP downloaded from my web application.
After being prompted with a Java Security Warning prompt, the application can run successfully if the user response is within 2-3 seconds. However, if the user took more than 3 seconds to respond to the Java Security Warning prompt, the application fails to run with error with the following socket exception:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake
(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.startHandshake
(SSLSocketImpl.java:1339)
at sun.security.ssl.SSLSocketImpl.startHandshake
(SSLSocketImpl.java:1323)
at sun.net.www.protocol.https.HttpsClient.afterConnect
(HttpsClient.java:563)
at
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect
(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream
(HttpURLConnection.java:1300)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream
(HttpsURLConnectionImpl.java:254)
at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable
(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown
Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker
(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run
(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 19 more
Java Security Warning
Exception
Additional Info: I have checked the ports and they were pointing on the correct port numbers and TLS value also matched. The certificates were also added under cacerts.
Question: What causes the exception when response to the security prompt reaches more than 3-5 seconds? and how can I avoid the mentioned exception(possibly increase the waiting time)?
Actions done:
1. Add connectionTimeout attribute in Tomcat connector, but still, after 5 seconds of waiting time to respond to the Java Security Warning, the application still fails to launch.
This is most easily controlled by the https.protocols system property. This is how you are able to control what the factory method returns. Set to "TLSv1" for example.
It leads to problems when you want to use two protocols instead of one. For example, SSLv3 and TLSv1. This -Dhttps.protocols=TLSv1,SSLv3 will lead to exceptions if you try to connect either SSLv3 or TLSv1.
Please check this answer.
How to make Java 6, which fails SSL connection with "SSL peer shut down incorrectly", succeed like Java 7?
I was facing the same problem, then I switched from JRE1.7 to JRE1.8 of course for reason TLS1.2 More references
How can I retrieve mails from gmail by authenticate imap using xoauth. I have tried the code which have given on Gmail data api for xoauthAuthenticator.java, xoauthprotocol.java,
xoauthsaslclient.java and xoauthsaslclienfactory.java
but i got error like this
Exception in thread "main" javax.mail.MessagingException: Remote host closed connection during handshake;
nested exception is:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:479)
at javax.mail.Service.connect(Service.java:275)
at XoauthAuthenticator.connectToImap(XoauthAuthenticator.java:80)
at XoauthAuthenticator.main(XoauthAuthenticator.java:114)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at com.sun.mail.util.TraceInputStream.read(TraceInputStream.java:97)
at java.io.BufferedInputStream.fill(Unknown Source)
at java.io.BufferedInputStream.read(Unknown Source)
at com.sun.mail.iap.ResponseInputStream.read0(ResponseInputStream.java:81)
at com.sun.mail.iap.ResponseInputStream.readResponse(ResponseInputStream.java:67)
at com.sun.mail.iap.Response.<init>(Response.java:83)
at com.sun.mail.imap.protocol.IMAPResponse.<init>(IMAPResponse.java:48)
at com.sun.mail.imap.protocol.IMAPResponse.readResponse(IMAPResponse.java:122)
at com.sun.mail.imap.protocol.IMAPProtocol.readResponse(IMAPProtocol.java:230)
at com.sun.mail.iap.Protocol.<init>(Protocol.java:91)
at com.sun.mail.imap.protocol.IMAPProtocol.<init>(IMAPProtocol.java:87)
at com.sun.mail.imap.IMAPStore.protocolConnect(IMAPStore.java:446)
... 3 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 19 more
What could be reason of it?
SSLHandshakeException is thrown when your SSLhandler doesn't trust the certificate from the host server. You need to add the server's SSL Certificate to your keystore. Here is a good walk through of the problem and how to fix it.
I am receiving the following exception while trying to make an SSL connection to a web service. Does this error mean my local keystore/certificate is expired, or is it that I cannot trust the remote server because it has the expired certificate?
javax.net.ssl.SSLHandshakeException: certificate expired
at com.ibm.jsse.bs.a(Unknown Source)
at com.ibm.jsse.bs.startHandshake(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.b.o(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.q.connect(Unknown Source)
at com.ibm.net.ssl.www.protocol.http.cg.getOutputStream(Unknown Source)
at com.ibm.net.ssl.www.protocol.https.t.getOutputStream(Unknown Source)
Remote certificate expired, webservice's appserver needs to update its cert.
See here http://www.cs.sunysb.edu/documentation/jsse/jssefaq.html#17
E.g. set the SystemProperty javax.net.debug to ssl:
java -Djavax.net.debug=ssl ...