2 Replies Latest reply: Sep 13, 2012 8:52 AM by 961938

    SSL Hand Shake Exception with Jdk 1.6 and 7

    961938
      I am facing a handshake exception problem using SSL with JDK 1.6 35. Everything is working fine with JDK 1.4. I am receiving the following exception in the logs:

      received EOFException: error

      handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

      I have tried setting SSL logging to verbose level and setting allow unsecure SSL negotiation to true.

      Following are my connector settings:

      <Connector port="8443"
           maxThreads="350" minSpareThreads="25" maxSpareThreads="75"
           enableLookups="false" disableUploadTimeout="true"
           acceptCount="100" debug="0" scheme="https" secure="true"
           clientAuth="true" sslProtocol="SSLv3"
           keystoreFile="${jboss.server.home.dir}/conf/abc.jks"
           truststoreFile="${jboss.server.home.dir}/conf/xyz"
           keystorePass="123" truststorePass="abc" keystoreType="JKS" truststoreType="JKS"/>


      Please suggest what can go wrong in SSL communication with the JDK change from 1.4 to 1.6 or 7.
        • 1. Re: SSL Hand Shake Exception with Jdk 1.6 and 7
          EJP
          I have tried setting SSL logging to verbose level and setting allow unsecure SSL negotiation to true.
          Where exactly have you done that?
          <Connector port="8443"
               maxThreads="350" minSpareThreads="25" maxSpareThreads="75"
               enableLookups="false" disableUploadTimeout="true"
               acceptCount="100" debug="0" scheme="https" secure="true"
               clientAuth="true" sslProtocol="SSLv3"
               keystoreFile="${jboss.server.home.dir}/conf/abc.jks"
               truststoreFile="${jboss.server.home.dir}/conf/xyz"
               keystorePass="123" truststorePass="abc" keystoreType="JKS" truststoreType="JKS"/>
          I don't see it anywhere in there. There should be an attribute allowUnsafeLegacyRenegotiation="true" if you want to allow the unsafe handshake stuff.
          • 2. Re: SSL Hand Shake Exception with Jdk 1.6 and 7
            961938
            I updated the connector with allowUnsafeLegacyRenegotiation="true"; following is my connector:


            <Connector port="8443"
            maxThreads="350" minSpareThreads="25" maxSpareThreads="75"
            enableLookups="false" disableUploadTimeout="true" allowUnsafeLegacyRenegotiation="true"
            acceptCount="100" debug="0" scheme="https" secure="true"
            clientAuth="true" sslProtocol="SSLv3"
            keystoreFile="${jboss.server.home.dir}/conf/abc.jks"
            truststoreFile="${jboss.server.home.dir}/conf/xyz"
            keystorePass="123" truststorePass="abc" keystoreType="JKS" truststoreType="JKS"/>


            I also added -Dsun.security.ssl.allowUnsafeRenegotiation=true in the JBoss run.bat file. I am still getting the same error.
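
To see which protocol versions the local JRE offers and which of them the server on port 8443 completes a handshake with, a probe like the following can be run under each JDK. It is an added example, not code from any poster in this thread; the class name HandshakeProbe and the default host localhost are assumptions, and the client keystore and truststore needed for clientAuth="true" are expected through the standard javax.net.ssl.keyStore and javax.net.ssl.trustStore system properties.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

// Added diagnostic (not from the thread): one handshake attempt per protocol
// version the local JRE supports, reporting which ones the server completes.
public class HandshakeProbe {

    // Restricts the socket to a single protocol version and returns a one-line result.
    static String probe(SSLSocketFactory factory, String host, int port, String protocol) {
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            socket.setSoTimeout(5000); // do not hang if the peer stays silent
            socket.setEnabledProtocols(new String[] { protocol });
            socket.startHandshake();
            return protocol + ": OK, cipher suite " + socket.getSession().getCipherSuite();
        } catch (Exception e) {
            // Covers both local refusals (protocol disabled in this JRE) and
            // remote failures such as "Remote host closed connection during handshake".
            return protocol + ": FAILED, " + e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "localhost";        // assumed default
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 8443; // port from the connector
        // The default context picks up javax.net.ssl.keyStore / trustStore properties.
        SSLContext context = SSLContext.getDefault();
        String[] supported = context.getSupportedSSLParameters().getProtocols();
        String[] enabled = context.getDefaultSSLParameters().getProtocols();
        System.out.println("JRE " + System.getProperty("java.version"));
        System.out.println("supported: " + Arrays.toString(supported));
        System.out.println("enabled by default: " + Arrays.toString(enabled));
        for (String protocol : supported) {
            if (protocol.equals("SSLv2Hello")) {
                continue; // hello framing option, not a protocol version of its own
            }
            System.out.println(probe(context.getSocketFactory(), host, port, protocol));
        }
    }
}
```

With TLSv1.3 the client certificate is checked after startHandshake() returns, so an OK for that version does not confirm the certificate was accepted.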