Dear Christopher ,
Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?
We agree with your above statement. We have disabled SSLv3 on Tomcat
server and our client is an exe which sends request using below code.
URL server = new URL(url);
jprogress.setValue(11);
final String hostvar = ip;
HttpsURLConnection.setDefaultHostnameVerifier(new
HostnameVerifier() {
public boolean verify(String hostname, SSLSession
session) {
if (hostname.equals(hostvar)) {
return true;
} else {
return false;
}
}
});
try{
HttpsURLConnection con = (HttpsURLConnection)
server.openConnection();
jprogress.setValue(14);
con.setConnectTimeout(90000000);
con.setDoOutput(true);
con.setUseCaches(false);
con.setReadTimeout(60000);
jprogress.setValue(16);
We are unable to find at which point the client exe uses either TLS or
SSLv3 to send request to the server.
Also we find that client exe works fine in other machines.
We want to know if this is system specific or java specific.
Any help will be greatly appreciated.
Thanks and Regards
Deepak kumar
From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>
Date: 24-02-2015 20:36
Subject: Re: Getting javax.net.ssl.SSLHandshakeException
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Deepak,
On 2/24/15 9:19 AM, dku...@ccilindia.co.in wrote:
> We have migrated from apache tomcat 8.0.8 to apache tomcat
> 8.0.18.(to prevent the poodle attack).
Note that upgrading Tomcat is not necessary to mitigate SSL POODLE.
Upgrading does have other advantages, though.
> But now we are facing the below issue.
>
> javax.net.ssl.SSLHandshakeException: Remote host closed connection
> during handshake at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source) at
>
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source) at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown
> Source) at
> sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown
> Source) at
>
sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown
> Source) at
> sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown
> Source) at
>
sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown
> Source) at
> connection.ReceiveConnect.connect(ReceiveConnect.java:77) at
> util.ReceiveFile.run(ReceiveFile.java:94) at
> java.lang.Thread.run(Unknown Source) Caused by:
> java.io.EOFException: SSL peer shut down incorrectly at
> com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source) ...
> 11 more
>
>
> Any help will be greatly appreciated.
Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?
Try using this tool to probe your server to see what it can do:
http://markmail.org/thread/tz4z44nfjl7sy2lj
Also remember this: http://markmail.org/thread/ip4j45tioft4bntd
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: GPGTools - http://gpgtools.org
iQIcBAEBCAAGBQJU7JLBAAoJEBzwKT+lPKRYT8UP/jFwpGCb0ZrNQuyOYQRtB+Fb
7vzciBQbsyXTKin7l5g2+31nP9NGFgxbrXhswJWMQL9ZQyyKxxe4H5RUagpT+IkZ
yAkmh7BzTaIkCgQjEVS9y7mQK/lPG37umYcnz4/yKQ/zQKXVeKfxrlOGpNXMtxMu
0QClDNbUrmIfTOOhHmcXiwgcH7bK/mjfeDqow1IyU/mL5J5C66iTEgUEtivGmtyi
yCTgWkEQaAlUoQ85Tzp6FQHHA7irIo2IQppBba+BOz2rx+GYrLil2qCaAopbE57T
5LPqrOU0uI2irlc/4wLBxR6MqS6SeZ7aaGMDPqUWfvlg+OlQBl5XFJmlISd1hwTU
Sv6wwfFJ7DMvE2KqSMIAtgyM+WfvveJqvf8aE0aaDYt/ikP3mV6r3YUa7IA9r3Lf
WdP69upZIZSZMu6G8npNqMzqmWjeYq/K3Rjli5a/9sERdSDA1cwxwitwWklTzEnL
VP6pdjoK6UBZFrhaIDmWX4yshGQRgptycna+edh3zd9elAT3utffswAXOP063ToP
KD/JmSOSOra0asZq7t6Dl+IqczK3tjByleAJdHlsxqiYGl77XnnGZzxg1qmQBQO2
dqWD+4KZay8X29N26sUWvEJBrBMrddwSRE7YU210ncGSuX4VaUy1iGiZmyCHFtoO
WpZRD0ruzsx95nIJE8J/
=Fk6V
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org
"Disclaimer and confidentiality clause -
This message and any attachments relating to official business of CCIL OR ANY
OF IT'S SUBSIDIARIES is proprietary to CCIL and intended for the original
addressee only.
The message may contain information that is confidential and subject to legal
privilege.
Any views expressed in this message are those of the individual sender.
If you have received this message in error, please notify the original sender
immediately and destroy the message and copies thereof and any attachments
contained in it .
If you are not the intended recipient of this message, you are hereby notified
that you must not disseminate, copy, use, distribute, or take any action in
connection therewith.
CCIL cannot ensure that the integrity of this communication has been
maintained nor that it is free of errors, viruses, interception and/or
interference.
CCIL is not liable whatsoever for loss or damage resulting from the opening of
this message and/or attachments and/or the use of the information contained in
this message and/or attachments."
