- 196.9K All Categories
- 2.2K Data
- 239 Big Data Appliance
- 1.9K Data Science
- 450.4K Databases
- 221.7K General Database Discussions
- 31 Multilingual Engine
- 550 MySQL Community Space
- 478 NoSQL Database
- 7.9K Oracle Database Express Edition (XE)
- 3K ORDS, SODA & JSON in the Database
- 546 SQLcl
- 4K SQL Developer Data Modeler
- 187.1K SQL & PL/SQL
- 21.3K SQL Developer
- 295.9K Development
- 17 Developer Projects
- 138 Programming Languages
- 292.6K Development Tools
- 107 DevOps
- 3.1K QA/Testing
- 646K Java
- 28 Java Learning Subscription
- 37K Database Connectivity
- 155 Java Community Process
- 105 Java 25
- 22.1K Java APIs
- 138.1K Java Development Tools
- 165.3K Java EE (Java Enterprise Edition)
- 18 Java Essentials
- 160 Java 8 Questions
- 86K Java Programming
- 80 Java Puzzle Ball
- 65.1K New To Java
- 1.7K Training / Learning / Certification
- 13.8K Java HotSpot Virtual Machine
- 94.3K Java SE
- 13.8K Java Security
- 204 Java User Groups
- 443 LiveLabs
- 38 Workshops
- 10.2K Software
- 6.7K Berkeley DB Family
- 3.5K JHeadstart
- 5.7K Other Languages
- 2.3K Chinese
- 171 Deutsche Oracle Community
- 1.1K Español
- 1.9K Japanese
- 232 Portuguese
Java 8 SSL issues - works properly with Java 7
I am having issues sending an HTTPS GET request that requires a client certificate while using Java 8.
The following code is used to build the SSL context and start the REST Client - the code builds and runs correctly for both Java 7 and Java 8 (no functions are marked as deprecated):
After building the SSL context and starting REST Client, I attempt to make a GET request to a REST API - this code also builds and runs properly on both Java 7 and Java 8:
Note: I am not displaying the setRestRequestHeaders() function because it contains confidential credentials - but all the function does is set the content type and expected content to JSON, and set the user's username and password.
The difference between Java 7 and Java 8 is the response from the REST API. Java 7 always returns the expected result (the expected JSON object). Java 8 always fails, never returning a response but returning the following Exception message: "An existing connection was forcibly closed by the remote host." Note: the exception is thrown during the SSL handshake process.
My Attempted Solutions:
First, I tried searching online for similar issues, but I do not find anyone else that posted about the same problem.
Second, I am using Apache Commons' Async Http Client, so I thought of the possibility of a bug within that dependency - here is the exact version:
Thus, I attempt to use the non-asynchronous native Java Http Client:
But the result was the same (Java 7 success, Java 8 failure).
Third, I set the system property "Javax.net.debug" to "all", as such:
This logs the SSL handshake to the console. I a GET request with both Java 7 and Java 8 and saved the SSL log output. I ran a 'diff' against both files, and there were only minor differences that did not give any pointer towards the root of the problem. Feel free to leave me a message if you would like to see the logs; I have them with the property set to just "ssl" as well.
Lastly, I just looked more into Java cryptography and found out there is a Java Cryptography Extension (JCE) that can be added to a Java Runtime. The JCE essentially allows for more complex cryptography (i.e., a more complicated client certificate). I added the JCE to my Java 8 runtime (within the SDK), and it did not fix anything. The only thing that it changed was in the SSL handshake logs (mentioned above) there were less "unavailable" cipher suites.
My Development Environment:
IDE: IntelliJ IDEA Community Edition 2017.2
Relevant Dependencies: Apache Commons' Async HTTP Client version: 1.3.2, and tried the Java native HttpsURLConnection.
No trust certificate is used - the trust certificate for the REST API I am connecting to is a GoDaddy certificate that is in the default Java Truststore.
I can use Java 8 to successfully connect and make requests to other URL's that do not require a client certificate.
I would not call myself an expert on SSL or Java Keystores - there may be something simple that I am missing. I do not know what the issue is, but I find it odd for my non-deprecated code to work on Java 7 and not Java 8. If anyone has any comments/suggestions/questions, please do not hesitate to let me know. Thank you!