Home > Blockchain >  javax.net.ssl.SSLException: Received close_notify during handshake error when sending request from A
javax.net.ssl.SSLException: Received close_notify during handshake error when sending request from A

Time:12-02

I have moved my website from a very old server to a new server that supports SSL, and upgraded from Apache Tomcat 6 to Apache Tomcat 9.0.54 . Now when code running on my server tries to send a request to the trustspot server (trusted review site) using this code

    try
    {
        HttpClient httpclient = new DefaultHttpClient();
    
        this.order=order;
        String dataForHmac      = MERCHANT_ID   order.getOrderId()   order.getCustomerEmail();
        String calculatedHmac   = base64sha256(dataForHmac, SECRET_KEY);
        order.setHmac(calculatedHmac);
        order.setKey(API_KEY);
    
        Gson gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).setPrettyPrinting().create();
        System.out.println(gson.toJson(order));
    
        String jsonData = gson.toJson(order);
    
        url = new URL("https://trustspot.io/api/pub/new_order_product");
        httpMethod = new HttpPost(url.toExternalForm());
        httpMethod.addHeader("Content-Type", "application/json");
        StringEntity se = new StringEntity(jsonData);
        httpMethod.setEntity(se);
        HttpResponse httpResponse = httpclient.execute(httpMethod);
        InputStreamReader is = new InputStreamReader(httpResponse.getEntity().getContent());
        BufferedReader rd;
        rd = new BufferedReader(is);
    
        String line = "";
        while ((line = rd.readLine()) != null)
        {
            System.out.println(line);
        }
    }
    catch(Exception ex)
    {
        StringWriter messageBody = new StringWriter();
        PrintWriter pw = new PrintWriter(messageBody);
        ex.printStackTrace(pw);
        Email.sendAlert("Unable to send trustpot review request:"  order.getCustomerEmail(), messageBody.toString());
    }

I get

javax.net.ssl.SSLException: Received close_notify during handshake

How do I resolve this?

    javax.net.ssl.SSLException: Received close_notify during handshake
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1911)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2012)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
        at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
        at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
        at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
        at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
        at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
        at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
        at com.jthink.store.trustspot.TrustSpotProductRequest.sendRequest(TrustSpotProductRequest.java:68)
        at com.jthink.store.googleprocess.AbstractCreateAndSendLicense.requestReview(AbstractCreateAndSendLicense.java:306)
        at com.jthink.store.googleprocess.CreateAndSendSongKongLicense.createAndSendLicense(CreateAndSendSongKongLicense.java:120)
        at com.jthink.store.action.VerifyPaymentEJunkie.processEachItem(VerifyPaymentEJunkie.java:169)
        at com.jthink.store.action.VerifyPaymentEJunkie.handleRequest(VerifyPaymentEJunkie.java:82)
        at com.jthink.store.JThinkStoreServlet.doGet(JThinkStoreServlet.java:45)
        at com.jthink.store.JThinkStoreServlet.doPost(JThinkStoreServlet.java:32)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)

I'm using Java 1.8.0_161-b12

Tried restarting Tomcat after setting -Dhttps.protocols=TLSv1 and -Dhttps.protocols=TLSv1.1, TLSv1.2 but made no difference

Update added a main() to the class so now I can run test on machine outside of tomcat and it fails in exact same way

java -classpath classes:lib/*  com.jthink.store.trustspot.TrustSpotProductRequest -Dhttps.protocols=TLSv1

gives same exception

javax.net.ssl.SSLException: Received close_notify during handshake

running the exact same code on my PC works fine.

Update 2

With the -Djavax.net.debug=ssl:handshake

trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1621095199 bytes = { 214, 189, 173, 184, 228, 255, 156, 82, 153, 122, 143, 245, 185, 144, 166, 172, 32, 10, 144, 123, 158, 248, 38, 4, 84, 67, 13, 79 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=trustspot.io]
***
main, WRITE: TLSv1.2 Handshake, length = 146
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  warning, close_notify
main, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received close_notify during handshake
main, called close()
main, called closeInternal(true)

On my PC the difference I can see is that is also has Extension elliptic_curves and Extension ec_point_formats, do I require them ?

Also the length of the handshake is different.

Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=trustspot.io]
***
main, WRITE: TLSv1.2 Handshake, length = 214
main, READ: TLSv1.2 Handshake, length = 91

CodePudding user response:

The problem was my Java version, (answer came from @dave_thompson_085 comment, I don't fully understand the details so forgive me if not explained totally correctly)

I was using Java 1.8.0_161-b12 on a linux centos machine, turns out this version doesnt support elliptic curve suites for TLS 1.2, but the server I was connecting to only supports ECHDE and this requires use of elliptic curve algorithm so therefore would not work.

Updated to jdk1.8.0_202 and now working

CodePudding user response:

generally SSL issues are related to certificate problems, are you sure you old certificate still holds valid and properly configured, if not the i suggest to add it in the server first

Page link:https//www.codepudding.com/Blockchain/212952.html

Prev:How to mask Apache Version on Error Page of Spring Boot application?
Next:In R, how do I apply a VLOOKUP when an ID column is present but not otherwise relevant?
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding