Cannot get my AXIS2 Client connect to remote server using TLSv1.2 on Websphere 8.5

1
votes

Since I cannot find a way to solve my previous problem, I decided to dodge it and generate an AXIS2 project to solve it.(If anyone know how to solve my previous problem, PLEASE DO TELL ME. I'll switch back to it if that problem can be solved.)

Let us back to this topic.

My server is using Websphere 8.5 with Java 1.8(1.7 & 1.6 are still there, but I think they won't cause troubles since I set the default to 1.8), and I'm running on cluster mode with 2 WAS nodes.

I deployed my AXIS2 client(with 1.7.4 jars) from manager console and set this application to parent load last to prevent conflicts with WAS's own AXIS, it runs nice EXCEPT one problem: It cannot connect to the Remote WebLogic Server which using TLSv1.2.

I have added that WebLogic's certificate into clusterDefaultTrustKeyStore, and my WAS is running with Java 1.8. But Even I added System.setProperty("https.protocols", "TLSv1.2"); into constructor, I still cannot connect to that server using https://. This is really troubling me right now.

This is the exception that I got:

class org.apache.axis2.AxisFault:javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Stacktrace:

[
  {
    "declaringClass": "org.apache.axis2.AxisFault",
    "methodName": "makeFault",
    "fileName": "AxisFault.java",
    "lineNumber": 430
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.SOAPMessageFormatter",
    "methodName": "writeTo",
    "fileName": "SOAPMessageFormatter.java",
    "lineNumber": 78
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.AxisRequestEntity",
    "methodName": "writeRequest",
    "fileName": "AxisRequestEntity.java",
    "lineNumber": 85
  },
  {
    "declaringClass": "org.apache.commons.httpclient.methods.EntityEnclosingMethod",
    "methodName": "writeRequestBody",
    "fileName": "EntityEnclosingMethod.java",
    "lineNumber": 499
  },
  {
    "declaringClass": "org.apache.commons.httpclient.HttpMethodBase",
    "methodName": "writeRequest",
    "fileName": "HttpMethodBase.java",
    "lineNumber": 2114
  },
  {
    "declaringClass": "org.apache.commons.httpclient.HttpMethodBase",
    "methodName": "execute",
    "fileName": "HttpMethodBase.java",
    "lineNumber": 1096
  },
  {
    "declaringClass": "org.apache.commons.httpclient.HttpMethodDirector",
    "methodName": "executeWithRetry",
    "fileName": "HttpMethodDirector.java",
    "lineNumber": 398
  },
  {
    "declaringClass": "org.apache.commons.httpclient.HttpMethodDirector",
    "methodName": "executeMethod",
    "fileName": "HttpMethodDirector.java",
    "lineNumber": 171
  },
  {
    "declaringClass": "org.apache.commons.httpclient.HttpClient",
    "methodName": "executeMethod",
    "fileName": "HttpClient.java",
    "lineNumber": 397
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl",
    "methodName": "executeMethod",
    "fileName": "HTTPSenderImpl.java",
    "lineNumber": 872
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.impl.httpclient3.HTTPSenderImpl",
    "methodName": "sendViaPost",
    "fileName": "HTTPSenderImpl.java",
    "lineNumber": 212
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.HTTPSender",
    "methodName": "send",
    "fileName": "HTTPSender.java",
    "lineNumber": 121
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.CommonsHTTPTransportSender",
    "methodName": "writeMessageWithCommons",
    "fileName": "CommonsHTTPTransportSender.java",
    "lineNumber": 403
  },
  {
    "declaringClass": "org.apache.axis2.transport.http.CommonsHTTPTransportSender",
    "methodName": "invoke",
    "fileName": "CommonsHTTPTransportSender.java",
    "lineNumber": 234
  },
  {
    "declaringClass": "org.apache.axis2.engine.AxisEngine",
    "methodName": "send",
    "fileName": "AxisEngine.java",
    "lineNumber": 431
  },
  {
    "declaringClass": "org.apache.axis2.description.OutInAxisOperationClient",
    "methodName": "send",
    "fileName": "OutInAxisOperation.java",
    "lineNumber": 399
  },
  {
    "declaringClass": "org.apache.axis2.description.OutInAxisOperationClient",
    "methodName": "executeImpl",
    "fileName": "OutInAxisOperation.java",
    "lineNumber": 225
  },
  {
    "declaringClass": "org.apache.axis2.client.OperationClient",
    "methodName": "execute",
    "fileName": "OperationClient.java",
    "lineNumber": 150
  },
  {
    "declaringClass": "org.openuri.www.TestServiceStub",
    "methodName": "getRSAPublicKey",
    "fileName": "TestServiceStub.java",
    "lineNumber": 841
  }
  ...
]

And the WAS's system log:

Caused by: javax.xml.stream.XMLStreamException: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.xml.xlxp2.api.stax.msg.StAXMessageProvider.throwXMLStreamException(StAXMessageProvider.java:67)
    at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:766)
    at com.ibm.xml.xlxp2.api.stax.XMLOutputFactoryImpl$XMLStreamWriterProxy.flush(XMLOutputFactoryImpl.java:155)
    at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
    at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
    at org.apache.axiom.om.impl.MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:223)
    at org.apache.axiom.om.impl.common.AxiomContainerSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_intf_AxiomContainer$serializeAndConsume(AxiomContainerSupport.aj:324)
    at org.apache.axiom.om.impl.llom.OMElementImpl.serializeAndConsume(OMElementImpl.java:1)
    at org.apache.axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
    ... 47 more
Caused by: javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.as.k(as.java:174)
    at com.ibm.jsse2.as.l(as.java:677)
    at com.ibm.jsse2.h.write(h.java:33)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:93)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:151)
    at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
    at com.ibm.xml.xlxp2.api.stax.serializer.StAXWriter.flush(StAXWriter.java:65)
    at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:763)
    ... 54 more
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.ibm.jsse2.j.a(j.java:31)
    at com.ibm.jsse2.j.a(j.java:43)
    at com.ibm.jsse2.as.b(as.java:816)
    at com.ibm.jsse2.as.a(as.java:752)
    at com.ibm.jsse2.as.i(as.java:130)
    at com.ibm.jsse2.as.a(as.java:497)
    at com.ibm.jsse2.h.write(h.java:23)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:93)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:151)
    at org.apache.commons.httpclient.ChunkedOutputStream.flush(ChunkedOutputStream.java:191)
    at com.ibm.xml.xlxp2.api.stax.serializer.StAXWriter.flush(StAXWriter.java:65)
    at com.ibm.xml.xlxp2.api.stax.XMLStreamWriterImpl.flush(XMLStreamWriterImpl.java:763)
    at com.ibm.xml.xlxp2.api.stax.XMLOutputFactoryImpl$XMLStreamWriterProxy.flush(XMLOutputFactoryImpl.java:155)
    at org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper.flush(XMLStreamWriterWrapper.java:50)
    at org.apache.axiom.om.impl.MTOMXMLStreamWriter.flush(MTOMXMLStreamWriter.java:231)
    at org.apache.axis2.databinding.ADBDataSource.serialize(ADBDataSource.java:50)
    at org.apache.axiom.om.impl.common.serializer.push.stax.StAXSerializer.serializePushOMDataSource(StAXSerializer.java:53)
    at org.apache.axiom.om.impl.common.serializer.push.Serializer.serialize(Serializer.java:293)
    at org.apache.axiom.om.impl.common.AxiomSourcedElementSupport.ajc$interMethod$org_apache_axiom_om_impl_common_AxiomSourcedElementSupport$org_apache_axiom_om_impl_intf_AxiomSourcedElement$internalSerialize(AxiomSourcedElementSupport.aj:434)
... 69 more

Based on the System log, it is most likely to WAS be the Cause. But I don't know why and how to solve it, and can't find any direct related topic in stackoverflow. Can anyone help me please?

2
javawebsphereaxis2

2 Answers

0
votes

You can try jsse.enableSNIExtension=false by adding it to Websphere's custom JVM property.
If target server's certificate is signed by CA, you should also add those CA certificates to KeyStore.

0
votes

...Ok, I feel like been tricked.

They claim themselves only accept the TLSv1.2 and I buy it, but the SSL Debug log tells a different TRUTH.

000000fa SystemOut     O WebContainer : 1, READ: TLSv1 Alert, length = 2
00000014 SystemOut     O Finalizer thread, called close()
00000014 SystemOut     O Finalizer thread, called closeInternal(true)
00000014 SystemOut     O Finalizer thread, called closeSocket(true)
000000fa SystemOut     O WebContainer : 1, RECV TLSv1.2 ALERT:  fatal, handshake_failure

After deep looking into the Log, I did used TLSv1.2 but they seem like don't support it(or they didn't enable it), which caused the Handshake failure.