0
votes

I have a strange problem that I could not fix.

I have JDK version 1.5 and SSL-based communication via sockets, simply sending and receiving string data.

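import java.io.BufferedReader;
import java.io.FileInputStream;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.net.Socket;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

public class ConnectorTest {
    // Placeholder value: replace with the server's TLS port
    private static final int PORT = 443;

    public static void main(String[] args) {
        try {
            // Load the JKS file; it is used as both key store and trust store below
            KeyStore ks = KeyStore.getInstance("JKS");
            FileInputStream ksStream = new FileInputStream("path_to_.jks");
            try {
                ks.load(ksStream, "secret_of_jks".toCharArray());
            } finally {
                ksStream.close(); // do not leak the file handle
            }

            // Trust anchors (server certificate validation)
            TrustManagerFactory tmf = TrustManagerFactory
                    .getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(ks);
            // Client key material (client certificate authentication)
            KeyManagerFactory kmf = KeyManagerFactory
                    .getInstance(KeyManagerFactory.getDefaultAlgorithm());
            kmf.init(ks, "secret_of_jks".toCharArray());
            SSLContext ctx = SSLContext.getInstance("TLS");
            ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
            Socket s = ctx.getSocketFactory().createSocket("address_of_server", PORT);

            // Message framing: byte length, CRLF, then the JSON payload
            String jsonEx = "json text to send server";
            StringBuilder sb = new StringBuilder();
            sb.append(jsonEx.getBytes().length);
            sb.append("\r\n");
            sb.append(jsonEx);

            // The first write triggers the TLS handshake (autoflush is on)
            PrintWriter writer = new PrintWriter(s.getOutputStream(), true);
            writer.println(sb.toString());
            BufferedReader in = new BufferedReader(new InputStreamReader(s.getInputStream()));
            System.out.println(in.readLine());
            writer.flush();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }
}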

When I use JDK 1.7+ everything works properly, but when I switch to 1.6- it throws javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

My certificates are 2048 encrypted and I also installed the JCE Unlimited Strength Jurisdiction Policy: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

Here is the full exception if someone is interested:

javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1154)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:65)
    at sun.nio.cs.StreamDecoder$CharsetSD.readBytes(StreamDecoder.java:411)
    at sun.nio.cs.StreamDecoder$CharsetSD.implRead(StreamDecoder.java:453)
    at sun.nio.cs.StreamDecoder.read(StreamDecoder.java:183)
    at java.io.InputStreamReader.read(InputStreamReader.java:167)
    at java.io.BufferedReader.fill(BufferedReader.java:136)
    at java.io.BufferedReader.readLine(BufferedReader.java:299)
    at java.io.BufferedReader.readLine(BufferedReader.java:362)
    at ConnectorTest.main(ConnectorTest.java:45)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:739)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1025)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:619)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:59)
    at sun.nio.cs.StreamEncoder$CharsetSE.writeBytes(StreamEncoder.java:336)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlushBuffer(StreamEncoder.java:404)
    at sun.nio.cs.StreamEncoder$CharsetSE.implFlush(StreamEncoder.java:408)
    at sun.nio.cs.StreamEncoder.flush(StreamEncoder.java:152)
    at java.io.OutputStreamWriter.flush(OutputStreamWriter.java:213)
    at java.io.BufferedWriter.flush(BufferedWriter.java:236)
    at java.io.PrintWriter.newLine(PrintWriter.java:410)
    at java.io.PrintWriter.println(PrintWriter.java:559)
    at java.io.PrintWriter.println(PrintWriter.java:670)
    at ConnectorTest.main(ConnectorTest.java:43)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:321)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:720)
    ... 13 more

ConnectorTest Line 43 is

System.out.println(in.readLine());

Updated

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1439443814 bytes = { 228, 36, 73, 128, 109, 225, 11, 36, 62, 40, 147, 150, 27, 145, 150, 163, 244, 28, 97, 56, 188, 81, 117, 31, 235, 60, 101, 224 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 75
main, WRITE: SSLv2 client hello message, length = 101
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 2
main, called closeSocket()

Update 2

I just found out that the difference between them is:

Valid from Tue Feb 16 20:07:36 GET 2016 until Thu Feb 16 20:07:36 GET 2017 1.7 Correct

Valid from Tue Feb 16 16:07:36 GMT 2016 until Thu Feb 16 16:07:36 GMT 2017 1.6 Error

2
You can check this link, not a solution but some insights: stackoverflow.com/questions/21245796/… - Ravi Ranjan

2 Answers

1
votes

After a lot of research, I found out that there is no way to do this, and of course installing the unlimited policy is also an ugly solution. Sun does not recommend changing the policy. The best way to solve this problem is to always keep your Java version better than this one. I had to write on 1.5 and had no chance to simply upgrade the system, so I decided on a worse solution, but the only one that worked, of course. I created a kind of proxy service with Java 1.8 + WildFly 8.2 on the same machine, on a different port from JBoss, and call the services from there. The 1.5 and 1.8 apps communicate over a simple SOAP protocol. Problem "fixed".

0
votes

It could be that the server does not support the SSL version of the client (the client is offering too low an SSL version).

Try adding the system property "javax.net.debug=ssl" so you get a better error description in System.out. For example:

System.setProperty("javax.net.debug", "ssl");

or add command line parameter:

-Djavax.net.debug=ssl

Why would you want to use older Java? If you must use 1.6, try updating it to the latest patch version.
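
A way to check the "client is offering too low an SSL version" hypothesis without touching the server, as an added example that is not part of the original posts: it prints what the running JVM would put in its ClientHello, then restricts an unconnected socket to TLS-format hellos and drops the RC4/DES/export-grade suites seen in the debug output above. The class name `ClientHelloAudit` and the weak-suite marker list are assumptions made for this example.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical class name); uses only Java 5-era syntax and JSSE calls.
public class ClientHelloAudit {
    // Assumed markers for suites treated as weak here: RC4, DES, 3DES, export-grade, MD5, anon, NULL.
    private static final String[] WEAK =
            {"_RC4_", "_DES_", "_DES40_", "_3DES_", "_EXPORT_", "_MD5", "_anon_", "_NULL_"};

    static boolean isWeak(String suite) {
        for (String marker : WEAK) {
            if (suite.indexOf(marker) >= 0) return true;
        }
        return false;
    }

    // Keep only TLS* entries: drops SSLv3 and the SSLv2-format hello ("SSLv2Hello").
    static String[] tlsOnly(String[] protocols) {
        List<String> keep = new ArrayList<String>();
        for (String p : protocols) if (p.startsWith("TLS")) keep.add(p);
        return keep.toArray(new String[keep.size()]);
    }

    // TLS_EMPTY_RENEGOTIATION_INFO_SCSV matches no marker and is kept (it is a signal, not a cipher).
    static String[] strongOnly(String[] suites) {
        List<String> keep = new ArrayList<String>();
        for (String s : suites) if (!isWeak(s)) keep.add(s);
        return keep.toArray(new String[keep.size()]);
    }

    static void print(String label, String[] values) {
        System.out.println(label + ":");
        for (String v : values) System.out.println("  " + v);
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null); // JVM defaults; pass the question's key/trust managers to audit that context
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(); // unconnected: nothing is sent
        System.out.println("java.version: " + System.getProperty("java.version"));
        print("supported protocols", s.getSupportedProtocols());
        print("enabled protocols (what ClientHello can offer)", s.getEnabledProtocols());
        s.setEnabledProtocols(tlsOnly(s.getEnabledProtocols()));
        s.setEnabledCipherSuites(strongOnly(s.getEnabledCipherSuites()));
        print("after hardening, protocols", s.getEnabledProtocols());
        print("after hardening, cipher suites", s.getEnabledCipherSuites());
    }
}
```

Run it under each JDK and compare the two listings with the protocol versions and cipher suites the server accepts; if the older JVM's lists share nothing with the server's, the handshake cannot succeed from that JVM.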