Aaron Steigerwald Posted March 7, 2019 Share Posted March 7, 2019 Hello, I'm using the 8.4.1 EMS Community Edition. I configured it for SSL connections using the sample certificate files: listen = tcp://7222,ssl://7243 ssl_server_identity = "/opt/tibco/ems/8.4/samples/certs/server.cert.pem" ssl_server_key = "/opt/tibco/ems/8.4/samples/certs/server.key.pem" ssl_password = password ssl_server_trusted = "/opt/tibco/ems/8.4/samples/certs/client_root.cert.pem" I complied the sample tibjmsSSLGlobal.java class. It works using the sample client cert on Linux but not Windows. The server outputs the following when EMS is started with -ssl_trace and -ssl_debug_trace and tibjmsSSLGlobal is executed on Windows: 2019-03-07 20:28:03.101 WARNING: Closing connection from 192.168.0.1 due to timeout, exceeded timeout of 3. 2019-03-07 20:28:03.101 SSL handshake failed: ret=-1, reason= 2019-03-07 20:28:03.101 [OpenSSL Error]: file=ossl.c, line=1767 It works as expected when the same compiled class file is run from a Linux system or even from the Windows Linux subsystem. The following is reported from the client when SSL debug is enabled on Windows: main, received EOFException: error main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure main, called closeSocket() For comparison, the following is reported from the client when SSL debug is enabled on Linux at the same step in the SSL handshake debug: check handshake state: server_hello[2] *** ServerHello, TLSv1.2 The following is how the client (tibjmsSSLGlobal) is executed in Windows: java -cp .;..libjms-2.0.jar;..libtibjms.jar jms.tibjmsSSLGlobal -ssl_identity ..conftibcosamplescertsclient_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243 The following is how the client (tibjmsSSLGlobal) is executed in Linux: java -cp .:../lib/jms-2.0.jar:../lib/tibjms.jar jms.tibjmsSSLGlobal -ssl_identity ../conf/tibco/samples/certs/client_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243 The Java version is 1.8.0_191 in both Windows and Linux. I found a similar post from May 2017 entitled "SSL does not work with certain java 8 versions". However, it had no answers. Please help. Thanks, Aaron Link to comment Share on other sites More sharing options...
Aaron Steigerwald Posted February 28, 2020 Author Share Posted February 28, 2020 Update: This no longer appears to be an issue in the 8.5.1 community edition (TIB_ems-ce_8.5.1_linux_x86_64.zip). Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now