Jump to content
We have recently updated our Privacy Statement, available here ×

SSL handshake fails when connecting from Java client on Windows


Aaron Steigerwald

Recommended Posts

Hello,

I'm using the 8.4.1 EMS Community Edition. I configured it for SSL connections using the sample certificate files:

listen = tcp://7222,ssl://7243

ssl_server_identity = "/opt/tibco/ems/8.4/samples/certs/server.cert.pem"

ssl_server_key = "/opt/tibco/ems/8.4/samples/certs/server.key.pem"

ssl_password = password

ssl_server_trusted = "/opt/tibco/ems/8.4/samples/certs/client_root.cert.pem"

I complied the sample tibjmsSSLGlobal.java class. It works using the sample client cert on Linux but not Windows. The server outputs the following when EMS is started with -ssl_trace and -ssl_debug_trace and tibjmsSSLGlobal is executed on Windows:

2019-03-07 20:28:03.101 WARNING: Closing connection from 192.168.0.1 due to timeout, exceeded timeout of 3.

2019-03-07 20:28:03.101 SSL handshake failed: ret=-1, reason=

2019-03-07 20:28:03.101 [OpenSSL Error]: file=ossl.c, line=1767

It works as expected when the same compiled class file is run from a Linux system or even from the Windows Linux subsystem.

The following is reported from the client when SSL debug is enabled on Windows:

main, received EOFException: error

main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure

main, called closeSocket()

For comparison, the following is reported from the client when SSL debug is enabled on Linux at the same step in the SSL handshake debug:

check handshake state: server_hello[2]

*** ServerHello, TLSv1.2

The following is how the client (tibjmsSSLGlobal) is executed in Windows:

java -cp .;..libjms-2.0.jar;..libtibjms.jar jms.tibjmsSSLGlobal -ssl_identity ..conftibcosamplescertsclient_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243

The following is how the client (tibjmsSSLGlobal) is executed in Linux:

java -cp .:../lib/jms-2.0.jar:../lib/tibjms.jar jms.tibjmsSSLGlobal -ssl_identity ../conf/tibco/samples/certs/client_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243

The Java version is 1.8.0_191 in both Windows and Linux.

I found a similar post from May 2017 entitled "SSL does not work with certain java 8 versions". However, it had no answers.

Please help.

Thanks,

Aaron

Link to comment
Share on other sites

  • 11 months later...
×
×
  • Create New...