Dear Christopher,

> Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?

We agree with your above statement. We have disabled SSLv3 on the Tomcat server, and our client is an exe which sends requests using the code below.

    URL server = new URL(url);
    jprogress.setValue(11);
    final String hostvar = ip;
    HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            if (hostname.equals(hostvar)) {
                return true;
            } else {
                return false;
            }
        }
    });
    try{
        HttpsURLConnection con = (HttpsURLConnection) server.openConnection();
        jprogress.setValue(14);
        con.setConnectTimeout(90000000);
        con.setDoOutput(true);
        con.setUseCaches(false);
        con.setReadTimeout(60000);
        jprogress.setValue(16);

We are unable to find at which point the client exe uses either TLS or SSLv3 to send the request to the server. Also, we find that the client exe works fine on other machines. We want to know if this is system specific or Java specific.

Any help will be greatly appreciated.

Thanks and Regards
Deepak kumar

From: Christopher Schultz <ch...@christopherschultz.net>
To: Tomcat Users List <users@tomcat.apache.org>
Date: 24-02-2015 20:36
Subject: Re: Getting javax.net.ssl.SSLHandshakeException

Deepak,

On 2/24/15 9:19 AM, dku...@ccilindia.co.in wrote:
> We have migrated from apache tomcat 8.0.8 to apache tomcat
> 8.0.18.(to prevent the poodle attack).

Note that upgrading Tomcat is not necessary to mitigate SSL POODLE. Upgrading does have other advantages, though.

> But now we are facing the below issue.
>
> javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(Unknown Source)
>     at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
>     at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
>     at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(Unknown Source)
>     at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(Unknown Source)
>     at connection.ReceiveConnect.connect(ReceiveConnect.java:77)
>     at util.ReceiveFile.run(ReceiveFile.java:94)
>     at java.lang.Thread.run(Unknown Source)
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
>     at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
>     ... 11 more
>
> Any help will be greatly appreciated.

Perhaps you disabled SSLv3 and a client is trying to connect using SSLv3?
Try using this tool to probe your server to see what it can do:
http://markmail.org/thread/tz4z44nfjl7sy2lj

Also remember this:
http://markmail.org/thread/ip4j45tioft4bntd

-chris
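
On the question of whether the failure is system specific or Java specific, the following is an added example, not code from this thread (the class name ClientProtocolCheck is hypothetical). Run with the same Java runtime the client exe uses, on a working and on a failing machine, it reports which SSL/TLS versions that JVM enables for a default HttpsURLConnection, so the two outputs can be compared.

```java
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

/** Added diagnostic; the class name is hypothetical and not from the thread. */
public class ClientProtocolCheck {

    /** Protocol versions a default HTTPS socket starts with on this JVM. */
    static List<String> enabledByDefault() throws Exception {
        SSLParameters p = SSLContext.getDefault().getDefaultSSLParameters();
        return Arrays.asList(p.getProtocols());
    }

    /** Protocol versions this JVM could use if they were explicitly enabled. */
    static List<String> supported() throws Exception {
        SSLParameters p = SSLContext.getDefault().getSupportedSSLParameters();
        return Arrays.asList(p.getProtocols());
    }

    /** True when at least one TLS version is in the list. */
    static boolean offersTls(List<String> protocols) {
        for (String proto : protocols) {
            if (proto.startsWith("TLS")) return true;
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // Differences in these three values between machines point to a Java-level cause.
        System.out.println("java.version    = " + System.getProperty("java.version"));
        System.out.println("java.home       = " + System.getProperty("java.home"));
        // HttpsURLConnection honours https.protocols when set; null means JVM defaults apply.
        System.out.println("https.protocols = " + System.getProperty("https.protocols"));

        List<String> enabled = enabledByDefault();
        System.out.println("enabled by default = " + enabled);
        System.out.println("supported          = " + supported());

        if (!offersTls(enabled)) {
            System.out.println("No TLS version enabled: a server with SSLv3 disabled will refuse the handshake.");
        } else if (enabled.contains("SSLv3")) {
            System.out.println("SSLv3 is still enabled on this client alongside TLS.");
        } else {
            System.out.println("Client offers TLS only.");
        }
        if (enabled.contains("SSLv2Hello")) {
            System.out.println("SSLv2Hello enabled: the ClientHello is sent in SSLv2-compatible format.");
        }
    }
}
```

Starting the client itself with -Djavax.net.debug=ssl:handshake additionally logs the protocol version carried in each ClientHello it sends.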