Dear Christopher,
> Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?
We agree with your above statement. We have disabled SSLv3 on the Tomcat
server, and our client is an exe which sends requests using the code below.
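    import java.net.URL;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLSession;

    URL server = new URL(url);
    jprogress.setValue(11);
    final String hostvar = ip;
    // Consulted when the URL's host does not match the server certificate:
    // accept the connection only if the host equals the configured IP.
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return hostname.equals(hostvar);
        }
    });
    try {
        HttpsURLConnection con = (HttpsURLConnection) server.openConnection();
        jprogress.setValue(14);
        con.setConnectTimeout(90000000); // milliseconds
        con.setDoOutput(true);
        con.setUseCaches(false);
        con.setReadTimeout(60000);       // milliseconds
        jprogress.setValue(16);
        // ... (the rest of the try block was not included in the message)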
We are unable to find at which point the client exe uses either TLS or
SSLv3 to send the request to the server.
Also, we find that the client exe works fine on other machines.
We want to know if this is system-specific or Java-specific.
Any help will be greatly appreciated.
Thanks and Regards
Deepak kumar
From: Christopher Schultz <[email protected]>
To: Tomcat Users List <[email protected]>
Date: 24-02-2015 20:36
Subject: Re: Getting javax.net.ssl.SSLHandshakeException
Deepak,
On 2/24/15 9:19 AM, [email protected] wrote:
> We have migrated from Apache Tomcat 8.0.8 to Apache Tomcat
> 8.0.18 (to prevent the POODLE attack).
Note that upgrading Tomcat is not necessary to mitigate SSL POODLE.
Upgrading does have other advantages, though.
> But now we are facing the below issue.
>
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
>     at connection.ReceiveConnect.connect(ReceiveConnect.java:77)
>     at util.ReceiveFile.run(ReceiveFile.java:94)
>     at java.lang.Thread.run(Unknown Source)
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>     at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>     ... 11 more
>
>
> Any help will be greatly appreciated.
Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?
Try using this tool to probe your server to see what it can do:
http://markmail.org/thread/tz4z44nfjl7sy2lj
Also remember this: http://markmail.org/thread/ip4j45tioft4bntd
-chris
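An added diagnostic, not code from this thread: the client snippet never selects a protocol, so the JRE that launches the exe decides what is offered, and this program reports that JRE's defaults so a working and a failing machine can be compared. The class name TlsClientProbe and its helper methods are hypothetical; it avoids Java 7+ syntax so it also compiles on older JREs.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added diagnostic (hypothetical class name): run it with the same JRE that
// launches the client exe, on a working and on a failing machine, and compare.
public class TlsClientProbe {

    // Protocol names the default client context enables when nothing overrides it.
    static String[] enabledByDefault() throws NoSuchAlgorithmException {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    // Keep only real TLS versions; drops SSLv3 and the SSLv2Hello pseudo-protocol.
    static List<String> tlsOnly(String[] protocols) {
        List<String> out = new ArrayList<String>();
        for (String p : protocols) {
            if (p.startsWith("TLSv")) out.add(p);
        }
        return out;
    }

    // Comma-separated form accepted by the https.protocols system property.
    static String join(List<String> items) {
        StringBuilder sb = new StringBuilder();
        for (String s : items) {
            if (sb.length() > 0) sb.append(',');
            sb.append(s);
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        String[] supported = SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
        String[] enabled = enabledByDefault();
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("https.protocols = " + System.getProperty("https.protocols"));
        System.out.println("supported       = " + Arrays.toString(supported));
        System.out.println("enabled         = " + Arrays.toString(enabled));
        List<String> tls = tlsOnly(enabled);
        if (tls.isEmpty()) {
            System.out.println("No TLS version is enabled by default in this JRE.");
        } else {
            System.out.println("To offer TLS only: -Dhttps.protocols=" + join(tls));
        }
    }
}
```

Starting the client with `-Djavax.net.debug=ssl,handshake` additionally prints the ClientHello, including the protocol version actually offered to the server.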