javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure in WAS 8.5.5.9 - ssl

We have a single installation of WAS(8.5.5.9),with java of 1.8_64 and TLSv1.2 enabled on JVM. But when I run the code sslSocket.getEnabledProtocols(), it gives me `supported protocols=[TLSv1], which is V1.0.
When I check in Security > SSL certificate and key management, and under Related Items, click SSL configurations. ( such as CellDefaultSSLsetting , NodedefaultSSLsetting and any other SSLConfig), it shows 'TLSv1.2' as the protocol, under QoP settings.
To give you some background, am trying to connect to a dropwizard application which is configured with supported protocols as TLSv1.2 from an application deployed on WAS.
Since it tries to connect via TLS1, it gives javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.
Error:
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.ibm.jsse2.j.a(j.java:31)
at com.ibm.jsse2.j.a(j.java:43)
at com.ibm.jsse2.as.b(as.java:816)
at com.ibm.jsse2.as.a(as.java:752)
at com.ibm.jsse2.as.i(as.java:130)
at com.ibm.jsse2.as.a(as.java:483)
at com.ibm.jsse2.as.startHandshake(as.java:160)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:415)
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:355)
at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:142)
at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:359)
at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:381)
at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:237)
at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185)
at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89)
at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111)
at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:56)
at org.apache.camel.component.http4.HttpProducer.executeMethod(HttpProducer.java:334)
at org.apache.camel.component.http4.HttpProducer.process(HttpProducer.java:193)
at org.apache.camel.util.AsyncProcessorConverterHelper$ProcessorToAsyncProcessorBridge.process(AsyncProcessorConverterHelper.java:61)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:541)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:198)
at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:695)
at org.apache.camel.processor.MulticastProcessor.doProcessSequential(MulticastProcessor.java:623)
at org.apache.camel.processor.MulticastProcessor.process(MulticastProcessor.java:247)
at org.apache.camel.processor.RecipientList.sendToRecipientList(RecipientList.java:172)
at org.apache.camel.processor.RecipientList.process(RecipientList.java:132)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:120)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
at org.apache.camel.management.InstrumentationProcessor.process(InstrumentationProcessor.java:77)
at org.apache.camel.processor.RedeliveryErrorHandler.process(RedeliveryErrorHandler.java:541)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:198)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:120)
at org.apache.camel.processor.Pipeline.process(Pipeline.java:83)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:198)
at org.apache.camel.component.direct.DirectProducer.process(DirectProducer.java:62)
at org.apache.camel.processor.CamelInternalProcessor.process(CamelInternalProcessor.java:198)
at org.apache.camel.processor.DelegateAsyncProcessor.process(DelegateAsyncProcessor.java:97)
at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:529)
at org.apache.camel.impl.ProducerCache$1.doInProducer(ProducerCache.java:497)
at org.apache.camel.impl.ProducerCache.doInProducer(ProducerCache.java:365)
at org.apache.camel.impl.ProducerCache.sendExchange(ProducerCache.java:497)
at org.apache.camel.impl.ProducerCache.send(ProducerCache.java:242)
at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:148)
at org.apache.camel.impl.DefaultProducerTemplate.send(DefaultProducerTemplate.java:135)
at org.apache.camel.impl.DefaultProducerTemplate.request(DefaultProducerTemplate.java:301)
Please guide me on how to fix the issue.
Thanks,
Sravan Kumar

Related

ktor how to hide javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

I'm developing a web app, and the app uses navigator.mediaDevices.getUserMedia, so it needs HTTPS.
So I created a dummy certificate and localhost KTOR loads it.
Which is great! Except it litters the logs with
2022-10-05 10:26:10.046 [eventLoopGroupProxy-3-4] WARN i.n.h.s.ApplicationProtocolNegotiationHandler - [id: 0x96c37772, L:0.0.0.0/0.0.0.0:8443] TLS handshake failed:
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Is there any way to keep those from spamming the log?
(either through an improved self-signed cert, or through a filter, or a ktor config of "I get it, stop bothering me...")

Netty SSL Handshake

I am trying to build a sample server using netty which will handle ssl data as well.
Have created SSLContext as below
File privateKey = new File("privatekey.pem");
File publicKey = new File("certificate.pem");
SslContext sslCtx = SslContextBuilder.forServer(publicKey,privateKey)
.build();
After creating ssl context I have added the same into my pipeline as below
SSLEngine engine = sslCtx.newEngine(ch.alloc());
ch.pipeline().addLast(new SslHandler(engine, true),<other custom handlers>);
I have also imported the certificate.pem into client software. Still whenever I am initiating any connection i get below logs in server log.
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:472)
at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:405)
at io.netty.handler.codec.ByteToMessageDecoder.channelInputClosed(ByteToMessageDecoder.java:372)
at io.netty.handler.codec.ByteToMessageDecoder.channelInactive(ByteToMessageDecoder.java:355)
at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1054)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:245)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:231)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:224)
at io.netty.handler.logging.LoggingHandler.channelInactive(LoggingHandler.java:167)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:245)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:231)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:224)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1429)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:245)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:231)
at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:947)
at io.netty.channel.AbstractChannel$AbstractUnsafe$8.run(AbstractChannel.java:826)
at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:163)
at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:404)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:474)
at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:909)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.lang.Thread.run(Thread.java:748)
Caused by: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1301)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1203)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1247)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441)
... 22 more
Can someone please guide what am I doing wrong here? Or any implementation for reference.
Netty Version - 4.1.32
Thanks in advance.

Apache VFS - FTPS support for TLSv1

Please can someone tell me if Apache VFS 2.6.0 will support FTPS at TLSv1 ?
The reason I ask is because we have written an application using VFS and developed it against VsFTPD 3.0.2
Now we have moved into testing we are seeing a lot of old machines using VsFTPD 2.2.2 with only TLSv1 support.
Exceptions (don't give much away)
org.apache.commons.vfs2.FileSystemException: Could not connect to FTP server on "100.200.150.25".
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory$ConnectionFactory.createConnection(FtpClientFactory.java:220)
at org.apache.commons.vfs2.provider.ftps.FtpsClientFactory.createConnection(FtpsClientFactory.java:57)
at org.apache.commons.vfs2.provider.ftps.FtpsClientWrapper.createClient(FtpsClientWrapper.java:47)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.createClient(FTPClientWrapper.java:97)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.getFtpClient(FTPClientWrapper.java:146)
at org.apache.commons.vfs2.provider.ftp.FTPClientWrapper.<init>(FTPClientWrapper.java:52)
at org.apache.commons.vfs2.provider.ftps.FtpsClientWrapper.<init>(FtpsClientWrapper.java:41)
at org.apache.commons.vfs2.provider.ftps.FtpsFileProvider.doCreateFileSystem(FtpsFileProvider.java:49)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.getFileSystem(AbstractOriginatingFileProvider.java:93)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:72)
at org.apache.commons.vfs2.provider.AbstractOriginatingFileProvider.findFile(AbstractOriginatingFileProvider.java:56)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:717)
at org.apache.commons.vfs2.impl.DefaultFileSystemManager.resolveFile(DefaultFileSystemManager.java:654)
at org.springframework.cglib.proxy.MethodProxy.invoke(MethodProxy.java:218)
at org.springframework.aop.framework.CglibAopProxy$CglibMethodInvocation.invokeJoinpoint(CglibAopProxy.java:750)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:163)
at org.springframework.aop.aspectj.MethodInvocationProceedingJoinPoint.proceed(MethodInvocationProceedingJoinPoint.java:88)
at org.springframework.cloud.sleuth.instrument.async.TraceAsyncAspect.traceBackgroundThread(TraceAsyncAspect.java:67)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.base/java.lang.reflect.Method.invoke(Method.java:566)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethodWithGivenArgs(AbstractAspectJAdvice.java:644)
at org.springframework.aop.aspectj.AbstractAspectJAdvice.invokeAdviceMethod(AbstractAspectJAdvice.java:633)
at org.springframework.aop.aspectj.AspectJAroundAdvice.invoke(AspectJAroundAdvice.java:70)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.interceptor.ExposeInvocationInterceptor.invoke(ExposeInvocationInterceptor.java:93)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:186)
at org.springframework.aop.interceptor.AsyncExecutionInterceptor.lambda$invoke$0(AsyncExecutionInterceptor.java:115)
at org.springframework.cloud.sleuth.instrument.async.TraceCallable.call(TraceCallable.java:70)
at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:285)
at java.base/sun.security.ssl.TransportContext.dispatch(TransportContext.java:180)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:164)
at java.base/sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1152)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1063)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:402)
at org.apache.commons.net.ftp.FTPSClient.sslNegotiation(FTPSClient.java:289)
at org.apache.commons.net.ftp.FTPSClient._connectAction_(FTPSClient.java:226)
at org.apache.commons.net.SocketClient._connect(SocketClient.java:244)
at org.apache.commons.net.SocketClient.connect(SocketClient.java:202)
at org.apache.commons.vfs2.provider.ftp.FtpClientFactory$ConnectionFactory.createConnection(FtpClientFactory.java:163)
Apache VFS does support TLSv1
The issue here was in the commonly seen and equally vague Exception
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Java 11 has a set of disabled Ciphers which are used to encrypt for TLS
The one I found was being used by VSFTPD 2.2.2 is DES-CBC3-SHA
The one I found disabled by Java 11 in conf/java.security was 3DES_EDE_CBC
I removed it from the disabled list and now the connection works fine.
PLEASE NOTE
I will be advising services to upgrade their VSFTPD servers. I don't like downgrading security but money talks and I suspect this smaller/cheaper change will be implemented.

Incoming HTTP post over HTTPS causing exception

I have made a simple RESTlet that I have hosted on an Amazon EC2 instance.
I can reach this when i run it over HTTP.
I needed to convert this to working with HTTPS so followed the RESTlet guide at https://restlet.com/open-source/documentation/user-guide/2.2/core/security/https
When I connect to it over HTTP I get this error..
Restlet-917142466, READ: TLSv1.2 Alert, length = 2
Restlet-917142466, RECV TLSv1.2 ALERT: fatal, certificate_unknown
Restlet-917142466, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
Restlet-917142466, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
Restlet-917142466, called closeInbound()
Restlet-917142466, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
Restlet-917142466, called closeOutbound()
Restlet-917142466, closeOutboundInternal()
The Java code is very simple and mirrors the sample RESTlet server in the guide.
Any suggestions on what I could try to fix this?

Worklight SSL errors using local Liberty server

I have the PushAdapter from the example push notification defined in an new project, and, I've added the apns-certificate-sandbox.p12 to the native api application (a native api), added the correct bundleId value in the application-descriptor.xml, but, I keep getting this error:
[WARNING ] Failed to retreive invalid devices
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[ERROR ] Couldn't get feedback connection
javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
[ERROR ] Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
This is a new installation of Worklight (6.0.0.20130909-1459), and I've tried two separate installations (one into Eclipse and one into RAD), both same errors.
Is there some additional work that needs to be done for push testing to work in the Worklight Development Server (Websphere Liberty) environment for SSL to work? There aren't any devices subscribed yet, but, not sure why this error is occurring or if it's relevant at all.
The detailed trace is here:
[11/1/13 11:50:20:834 EDT] 00000034 com.worklight.core.exceptions.InstrumentedException E Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
com.worklight.core.exceptions.InstrumentedException: Unknown exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.worklight.core.exceptions.DefaultExceptionHandler.handleException(DefaultExceptionHandler.java:56)
at com.worklight.core.tasks.TaskThread.run(TaskThread.java:113)
Caused by: java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:201)
at com.notnoop.apns.internal.Utilities.parseFeedbackStream(Utilities.java:211)
at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevicesImpl(ApnsFeedbackConnection.java:87)
at com.notnoop.apns.internal.ApnsFeedbackConnection.getInactiveDevices(ApnsFeedbackConnection.java:67)
at com.notnoop.apns.internal.AbstractApnsService.getInactiveDevices(AbstractApnsService.java:99)
at com.notnoop.apns.internal.ApnsServiceImpl.getInactiveDevices(ApnsServiceImpl.java:36)
at com.worklight.integration.notification.apns.ApplicationConnection.getInactiveDevices(ApplicationConnection.java:110)
at com.worklight.integration.notification.apns.APNSMediator.maintain(APNSMediator.java:95)
at com.worklight.integration.notification.Dispatcher.maintain(Dispatcher.java:148)
at com.worklight.integration.notification.NotificationCleanupTask.step(NotificationCleanupTask.java:29)
at com.worklight.core.tasks.TaskThread.run(TaskThread.java:111)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1961)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:882)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
at java.io.DataInputStream.readInt(DataInputStream.java:387)
at com.notnoop.apns.internal.Utilities.parseFeedbackStreamRaw(Utilities.java:192)
... 10 more
This looks like an error from the server trying to test a connection to the Apple Push/Feedback service.
A couple of things to check:
Is the application built for development or distribution?
If development, ensure you are using the Development SSL certificate. Export both the certificate and private key into a file named: apns-certificate-sandbox.p12
If distribution, ensure you are using the Production SSL certificate. Export both the certificate and private key into the a file named: apns-certificate-production.p12
Ensure the .p12 file was created correctly and that you specified the corresponding password in the application descriptor file.
Ensure that your Worklight server can access the APNs hosts/ports for the push and for feedback service. i.e Firewall ports need to be opened for the following:
gateway.push.apple.com, port 2195
gateway.sandbox.push.apple.com, port 2195
feedback.push.apple.com, port 2196
feedback.sandbox.push.apple.com on port 2196
Worklight product never used http://code.google.com/p/javapns for push, it is using com.notnoop.apns . This package works well with Oracle JDK 1.6 and 1.7
Can you shed some more light on which JDK exactly version were you using ?
I tested push sample on the embedded Liberty+Oracle JDK 1.7_07b +iPhone 5 and it worked.
how did you create this certificate ? can you write here step-by-step what you did? (and specify every file you copied,edited i the way)
If you are asking about using javaPNS: Ofcourse, since its an open framework, you could manually copy (and use) any jar into your Worklight project as a 3rd party dependency, however, it seems that this javaPNS jar has some bugs with SSL.
Why don't you look at the Worklight's push notification samples and work your way from there ( http://www.ibm.com/developerworks/mobile/worklight/getting-started.html#client-basics ) ? (Worklight comes with a working push notification solution , works on JDK1.6 or 1.7 without issues with your PKCS12 certificates)
On my side it has been veririfed that in OS X (sometimes in Windows too actually), the certificate_unknown error is thrown when using JRE 7 instead of JRE 6. It seems that the notnoop open source library used in Worklight is not handling well Java 7.
https://github.com/notnoop/java-apns/issues/54