Jump to content
The TIBCO Platform is a real-time, composable data platform that will bring together an evolving set of your TIBCO solutions - and it's available now! See more information here

SSL handshake fails when connecting from Java client on Windows

Aaron Steigerwald

By Aaron Steigerwald
in Messaging

 Share

Recommended Posts

Aaron Steigerwald Newbie

Aaron Steigerwald

Posted
Posted

Hello,

I'm using the 8.4.1 EMS Community Edition. I configured it for SSL connections using the sample certificate files:

listen = tcp://7222,ssl://7243

ssl_server_identity = "/opt/tibco/ems/8.4/samples/certs/server.cert.pem"

ssl_server_key = "/opt/tibco/ems/8.4/samples/certs/server.key.pem"

ssl_password = password

ssl_server_trusted = "/opt/tibco/ems/8.4/samples/certs/client_root.cert.pem"

I complied the sample tibjmsSSLGlobal.java class. It works using the sample client cert on Linux but not Windows. The server outputs the following when EMS is started with -ssl_trace and -ssl_debug_trace and tibjmsSSLGlobal is executed on Windows:

2019-03-07 20:28:03.101 WARNING: Closing connection from 192.168.0.1 due to timeout, exceeded timeout of 3.

2019-03-07 20:28:03.101 SSL handshake failed: ret=-1, reason=

2019-03-07 20:28:03.101 [OpenSSL Error]: file=ossl.c, line=1767

It works as expected when the same compiled class file is run from a Linux system or even from the Windows Linux subsystem.

The following is reported from the client when SSL debug is enabled on Windows:

main, received EOFException: error

main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure

main, called closeSocket()

For comparison, the following is reported from the client when SSL debug is enabled on Linux at the same step in the SSL handshake debug:

check handshake state: server_hello[2]

*** ServerHello, TLSv1.2

The following is how the client (tibjmsSSLGlobal) is executed in Windows:

java -cp .;..libjms-2.0.jar;..libtibjms.jar jms.tibjmsSSLGlobal -ssl_identity ..conftibcosamplescertsclient_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243

The following is how the client (tibjmsSSLGlobal) is executed in Linux:

java -cp .:../lib/jms-2.0.jar:../lib/tibjms.jar jms.tibjmsSSLGlobal -ssl_identity ../conf/tibco/samples/certs/client_identity.p12 -ssl_password password -server ssl://192.168.0.192:7243

The Java version is 1.8.0_191 in both Windows and Linux.

I found a similar post from May 2017 entitled "SSL does not work with certain java 8 versions". However, it had no answers.

Please help.

Thanks,

Aaron

Link to comment
Share on other sites
  • 11 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
© 2024 Cloud Software Group, Inc. All rights reserved.
×
×
  • Create New...