TLSv1.2 error in Spring boot


Getting an error during the SSL connection in Spring Boot.
http-nio-8081-exec-1, WRITE: TLSv1.2 Handshake, length = 193
[Raw write]: length = 198
0000: 16 03 03 00 C1 01 00 00 BD 03 03 59 0F F5 50 BA ...........Y..P.
0010: AC 01 0A A6 F9 AB 1C C6 B5 50 B1 4E 2A 0E D2 4B .........P.N*..K
0020: C1 7C 75 7B 90 70 A3 6A 20 30 C1 00 00 3A C0 23 ..u..p.j 0...:.#
0030: C0 27 00 3C C0 25 C0 29 00 67 00 40 C0 09 C0 13 .'.<.%.).g.#....
0040: 00 2F C0 04 C0 0E 00 33 00 32 C0 2B C0 2F 00 9C ./.....3.2.+./..
0050: C0 2D C0 31 00 9E 00 A2 C0 08 C0 12 00 0A C0 03 .-.1............
0060: C0 0D 00 16 00 13 00 FF 01 00 00 5A 00 0A 00 34 ...........Z...4
0070: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0080: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0090: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
00A0: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 18 00 16 ................
00B0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................
00C0: 02 03 02 01 02 02 ......
http-nio-8081-exec-1, handling exception: java.net.SocketException: Connection reset
http-nio-8081-exec-1, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
http-nio-8081-exec-1, WRITE: TLSv1.2 Alert, length = 2
http-nio-8081-exec-1, Exception sending alert: java.net.SocketException: Connection reset by peer: socket write error
http-nio-8081-exec-1, called closeSocket()
2017-05-08 14:26:40.714 ERROR [CS Facade,,,] 6360 --- [nio-8081-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is org.springframework.web.client.ResourceAccessException: I/O error on GET request for "<URL>": Connection reset; nested exception is java.net.SocketException: Connection reset] with root cause
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(Unknown Source)
at java.net.SocketInputStream.read(Unknown Source)
at sun.security.ssl.InputRecord.readFully(Unknown Source)
at sun.security.ssl.InputRecord.read(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(Unknown Source)
at org.springframework.http.client.SimpleBufferingClientHttpRequest.executeInternal(SimpleBufferingClientHttpRequest.java:78)
at org.springframework.http.client.AbstractBufferingClientHttpRequest.executeInternal(AbstractBufferingClientHttpRequest.java:48)
at org.springframework.http.client.AbstractClientHttpRequest.execute(AbstractClientHttpRequest.java:53)
at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:652)
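Tried setting in JVM arguments:
    -Dhttps.protocols="TLSv1.2,TLSv1.1,TLSv1,SSLv3"
Also tried to set in application.properties:
    server.ssl.protocol=TLS
I have programmatically enabled SSL:
    import org.apache.catalina.connector.Connector;
    import org.springframework.boot.context.embedded.EmbeddedServletContainerFactory;
    import org.springframework.boot.context.embedded.tomcat.TomcatEmbeddedServletContainerFactory;
    import org.springframework.context.annotation.Bean;

    @Bean
    public EmbeddedServletContainerFactory servletContainer() {
        TomcatEmbeddedServletContainerFactory tomcat = new TomcatEmbeddedServletContainerFactory();
        // Register an additional inbound connector on the embedded Tomcat.
        tomcat.addAdditionalTomcatConnectors(createStandardConnector());
        return tomcat;
    }

    private Connector createStandardConnector() {
        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
        // 'port' is a field of the enclosing class (not shown in the question).
        connector.setPort(Integer.valueOf(port));
        return connector;
    }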
It is mentioned that the problem is with the Java version:
SSL Connection Reset
I am using java version "1.8.0_91" and spring boot: 1.5.2.RELEASE
Is it because the server jks file is generated in the old version of Java? Please provide some insights on the issue.

Some insights (I hope) but not an answer:
The problem in the Q you link was Java version 6 which was still current in early 2011, and which by default tries to negotiate with SSLv2 format (although even 6 wouldn't actually negotiate SSLv2 protocol). You use 8 which defaults to modern format and max protocol TLSv1.2, and the trace in your Q confirms this (the ClientHello offers wire version 0303 which is TLSv1.2), and no reasonable server will require more since 1.3 is not yet out of draft. Wrong version or format is only one possible cause of a reset during SSL/TLS handshake; there are many others.
Recent Java 8 defaults https.protocols to TLSv1.2,TLSv1.1,TLSv1(.0). Adding SSLv3 is a bad idea; in the years since 2011 (and also since '8u0') it has been broken. Any server that actually negotiates SSLv3 is probably being operated by incompetents, and should not be used.
The Tomcat Connector is about incoming HTTP and/or HTTPS (TLS) connections. It has nothing to do with outgoing connections.
There is no problem with JKS files from older versions of Java, unless an older version used nonstandard cryptoproviders and a newer/current one does not, and in any case server.jks similarly applies to incoming connections not outgoing ones, plus any keystore problem would occur either before sending the ClientHello message or after receiving the server's Certificate message, which your trace and stacktrace both contradict.
Your best bet is to find out from the server -- either directly like logs or via its operator(s) -- what it doesn't like.
However, there is one possibility I see by looking -- your stack is not sending ServerNameIndication aka SNI. This is technically an option in TLS, but in recent years many server programs (and servers) have begun requiring it, although a server that rejects a Hello for this reason should use an alert not a reset. Java 8 should automatically send SNI for HttpsURLConnection unless someone or something has configured system property jsse.enableSNIExtension to false or the hostname part of the URL is a single 'label' (no dots) or an IP address -- are you doing any of those?
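
The two observations the answer reads off the trace (wire version 0303, no SNI extension) can be checked mechanically. The following is an added example, not part of the original question or answer: a minimal Python parser run over the 198-byte `[Raw write]` dump from the question. It assumes a single TLS record holding one complete ClientHello; `parse_client_hello` and `RAW_WRITE` are names introduced here.

```python
import struct

# ClientHello copied from the "[Raw write]: length = 198" dump in the question;
# each string below is two 16-byte rows of that dump, the last one the final 6 bytes.
RAW_WRITE = bytes.fromhex(
    "16030300C1010000BD0303590FF550BAAC010AA6F9AB1CC6B550B14E2A0ED24B"
    "C17C757B9070A36A2030C100003AC023C027003CC025C02900670040C009C013"
    "002FC004C00E00330032C02BC02F009CC02DC031009E00A2C008C012000AC003"
    "C00D0016001300FF0100005A000A003400320017000100030013001500060007"
    "0009000A0018000B000C0019000D000E000F0010001100020012000400050014"
    "00080016000B00020100000D0018001606030601050305010403040103030301"
    "020302010202"
)

def parse_client_hello(record: bytes) -> dict:
    """Parse one TLS record that holds a single, complete ClientHello."""
    ctype, rec_ver, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or rec_len != len(record) - 5:
        raise ValueError("not a single complete handshake record")
    hs_len = int.from_bytes(record[6:9], "big")
    if record[5] != 0x01 or hs_len != rec_len - 4:
        raise ValueError("not a complete ClientHello")
    pos = 9
    (hello_ver,) = struct.unpack_from("!H", record, pos)
    pos += 2 + 32                          # client_version + 32-byte random
    pos += 1 + record[pos]                 # session_id (length-prefixed)
    (cs_len,) = struct.unpack_from("!H", record, pos)
    suites = struct.unpack_from("!%dH" % (cs_len // 2), record, pos + 2)
    pos += 2 + cs_len
    pos += 1 + record[pos]                 # compression methods
    extensions = []
    if pos < len(record):                  # the extensions block is optional
        (ext_total,) = struct.unpack_from("!H", record, pos)
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack_from("!HH", record, pos)
            extensions.append(ext_type)
            pos += 4 + ext_len
    # Extension type 0 is server_name (SNI).
    return {"record_version": rec_ver, "hello_version": hello_ver,
            "cipher_suites": list(suites), "extensions": extensions,
            "sni_present": 0 in extensions}

if __name__ == "__main__":
    info = parse_client_hello(RAW_WRITE)
    print("hello version: 0x%04x" % info["hello_version"])
    print("extension types:", info["extensions"])
    print("SNI sent:", info["sni_present"])
```

Extension types 10, 11 and 13 are the elliptic-curve list, EC point formats and signature algorithms; the absence of type 0 is the missing SNI the answer points out.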
