• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Ron McLeod
  • Paul Clapham
  • Jeanne Boyarsky
  • Liutauras Vilda
Sheriffs:
  • Rob Spoor
  • Bear Bibeault
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Piet Souris
Bartenders:
  • Frits Walraven
  • Himai Minh

TLSv1 Alert handshake_failure

 
Greenhorn
Posts: 9
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I have just started encountering this error in JBoss 5.2 EAP. I am running with Java 1.7.0_79 on a Windows Server 2012R2. As far as I know, nothing has changed with regards to the code or the network. This problem started at some point between 10am and 3pm EDT on 6/9/2015.

Here is a copy of my JBoss log:

INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,209 INFO [STDOUT] Allow unsafe renegotiation: false
INFO | srvmain | 2015/06/10 12:57:33.271 | Allow legacy hello messages: true
INFO | srvmain | 2015/06/10 12:57:33.271 | Is initial handshake: true
INFO | srvmain | 2015/06/10 12:57:33.271 | Is secure renegotiation: false
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,209 INFO [STDOUT] http-0.0.0.0-443-7, setSoTimeout(60000) called
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for SSLv2Hello
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] http-0.0.0.0-443-7, received EOFException: error
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,224 INFO [STDOUT] http-0.0.0.0-443-7, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] , SEND TLSv1 ALERT:
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] fatal,
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] description = handshake_failure
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7, WRITE: TLSv1 Alert, length = 2
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7, called closeSocket()
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7, called close()
INFO | srvmain | 2015/06/10 12:57:33.271 | 12:57:33,271 INFO [STDOUT] http-0.0.0.0-443-7, called closeInternal(true)

This is posted to the logs about every 5 seconds - immediately upon startup. I have no idea what JBoss is trying to communicate to. But I also receive this same message when I try to hit an outside secure webservice - which is my real concern. Without the java option -Djavax.net.debug=ssl:handshake:verbose, I had no idea there were these failures every 5 seconds. I only knew about the failure to hit the outside secure webservice - as that exception was thrown to my code. Apparently, nothing is catching this "every 5 seconds" error - as that was only revealed with the verbose debug.

JBoss is configured to listen to port 443 with sslProtocols = "TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello".

1) Does anyone know what JBoss is trying to communicate with?
2) Can anyone give me any idea how to solve this handshake_failure?

 
Bonnie Kenison
Greenhorn
Posts: 9
  • Likes 1
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I figured out the issue with the 3rd party webservice was that they restricted communication to TSLv1.1 and TLSv1.2. Since I was using Java 1.7, the default is TLSv1. I added the JAVA_OPT -Dhttps.protocols=TLSv1.2,TLSv1.1,TLS1 and that fixed the issue.
 
Marshal
Posts: 26589
81
Eclipse IDE Firefox Browser MySQL Database
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thanks for posting back with the answer you found, Bonnie. We always appreciate it when people do that.
 
I love a good mentalist. And so does this tiny ad:
Thread Boost feature
https://coderanch.com/t/674455/Thread-Boost-feature
reply
    Bookmark Topic Watch Topic
  • New Topic