My code is trying to access a template file on the same server as the application.
It all worked fine until we switched on SSL.
Now when connecting to the file I get a SSLHandshakeException: handshake_failure with not much information on the actual cause of the issue.
If I try to access the file through the browser I get a warning page asking if I want to proceed at my own risk.
Is it a problem with the certificate? Can I bypass it?
Edit: The server is JBoss EAP 6.1 with Java 1.7. It's configured to use TLS1.2.
The bit retrieving the template is:
URL url;
URLConnection urlConnection;
try {
url = new URL(templateUrl);
urlConnection = url.openConnection();
urlConnection.setConnectTimeout(connectionTimeout);
urlConnection.setReadTimeout(connectionTimeout);
BufferedReader breader = new BufferedReader(new InputStreamReader(urlConnection.getInputStream()));
String line;
while ((line = breader.readLine()) != null) {
strHtmlContent.append(line);
}
}
Handshake error is usually not a problem with the certificate, at least not with the validation of the certificate. It can have several other reasons, typically wrong protocol version, no cipher overlap, missing use of SNI... .
Unfortunately it is impossible to say what the problem is in your specific case but you might narrow it down by trying to access the site with different clients (i.e. browser, curl, ...). If not even a browser can access the site it is probably a misconfiguration of the server.
Related
I have a teiid embedded server and I am trying to connect to a vds on that server through 2-way SSL from my remote client by passing the teiid SSL properties in SystemProperties as per the teiid documentation at: http://teiid.github.io/teiid-documents/12.3.x/content/client-dev/SSL_Client_Connections.html
The connection is successful even without the truststore which is a mandatory property.
Code snippet to replicate this issue:
Properties properties = new Properties();
properties.put("user", "admin");
properties.put("password", "admin");
System.setProperty("org.teiid.ssl.keyStore", "C:/truststore.p12");
System.setProperty("org.teiid.ssl.keyStorePassword", "testssl");
System.setProperty("org.teiid.ssl.trustAll", "false");
DriverManager.registerDriver(new TeiidDriver());
Connection connection1 = DriverManager.getConnection("jdbc:teiid:testvds#mms://localhost:32750", properties);
if (connection.isValid(1000))
{
System.out.println("Connection success");
}
In this case it should have failed. Can you please let me know if this is an issue or I am missing something on my end.
Thanks,
Megha
Can you elaborate on the server side settings? As the other user is getting at, if the server key is already trusted by the default java trust store you don't need additional client settings.
I have a Java agent that connects to a payment gateway to validate a CC transaction.
Everything seems to work fine when the Java logic is run on my IBM Notes client (9.0.1FP10IF3).
I am now migrating the logic to a managed bean on my Domino server (9.0.1FP6).
Whenever the connection is made through the bean, I observe the following error on the server console...
HTTP JVM: javax.net.ssl.SSLHandshakeException: Received fatal alert:
handshake_failure
I am certain it's because the payment gateway with which I am attempting to communicate has recently upgraded to enforce mandatory TLS 1.2 communications.
However, I'm not sure how to enforce those communications on the Domino server side?
I have set the recommended NOTES.INI variables...
DISABLE_SSLV3=1
SSL_DISABLE_TLS_10=1
... and set the 'SSLCipherSpec', but nothing is working.
Here is an excerpt from the logic I'm using to test everything out.
The 'DataOutputStream' line is what triggers the error...
URL url = new URL("https://host/endpoint");
HttpURLConnection connection = (HttpURLConnection) url.openConnection();
connection.setRequestMethod("POST");
connection.setAllowUserInteraction(false);
connection.setDoOutput(true);
connection.setDoInput(true);
connection.setUseCaches(false);
connection.setRequestProperty("Content-type", "text/xml");
connection.setRequestProperty("Content-length", Integer.toString(postContent.length()));
DataOutputStream out = new DataOutputStream(connection.getOutputStream());
out.writeBytes(postContent);
out.flush();
out.close();
connection.disconnect();
Any advice/assistance would be most appreciated!
As Per answered, this document allowed me to resolve the issue straight away...
www-01.ibm.com/support/docview.wss?uid=swg21985289
I have integrated paypal to my MVC4 application. PayPal dll version 1.5.0.0, NewtonJson dll version 6.0.0.0
At first i got exception at localhost while getting access token
Dictionary<string, string> sdkConfig = new Dictionary<string, string>();
sdkConfig.Add("mode", "sandbox");
string accessToken = new PayPal.Api.OAuthTokenCredential("MyClientId", "MySecretId", sdkConfig).GetAccessToken();
Exception was
Invalid HTTP response: The request was aborted: Could not create SSL/TLS secure channel.
From stackoverflow I got a fix
System.Net.ServicePointManager.Expect100Continue = true;
System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
System.Net.ServicePointManager.DefaultConnectionLimit = 9999;
Its currently working fine on my localhost, but getting exception when uploaded and run on AWS windows instance.
Retried 3 times.... Exception in PayPal.HttpConnection.Execute(). Check log for more details.
Can somebody help me on this ?
UPDATE
I have checked with uploading the same code in mochahost server. Its working perfectly there too
My EC2 instance is Windows Server 2008 DataCenter, 32 bit with IIS7
Make sure TCP443 is open on any elastic load balancer (ELB) you are using and in the security group assigned to the EC2 instance. In the OS make sure TCP443 is allowed with Windows Advanced Firewall.
I am using scribe 1.3.0 for OATH authentication. This is on Tomcat 7 under Ubuntu.
I am pretty sure this is some sort of a pilot error but cannot figure out what is wrong exactly...
I create the service and token in the constructor of my client class:
public Client()
{
m_service = new ServiceBuilder()
.provider(Api.class)
.apiKey(CONSUMER_KEY)
.apiSecret(CONSUMER_SECRET)
.debug()
.build();
m_accessToken = new Token(OAUTH_TOKEN, OAUTH_TOKEN_SECRET);
}
Later on when time comes to make a request I use the service in a function:
OAuthRequest request = new OAuthRequest(Verb.GET,
url);
m_service.signRequest(m_accessToken, request);
Since I added the debug() tag to the ServiceBuilder I get the following output:
signing request: URL
setting token to: Token[xxxx , xxxxx]
generating signature...
thats it.. nothing else happens, the code just seems to die there.
I tried to catch Exception from the m_service call but it does not throw exception.
I had tried this code before on a different Windows machine with Jetty and it worked but I dont have access to that machine or OS anymore..
What could I be doing wrong? Is there anything else I can do to get more debug output?
-Wish
Turns out that I needed to include the apache codec jar files in Tomcat.
I did go back to try my app on Jetty again under Windows, that worked without the codec. I am not entirely sure why linux+Tomcat needs apache codec while Jetty+Windows7 does not..
If I had Maven would not have this issue..
Hello World!
Currently I'm writing a simple Client/Server application which uses sockets to do the communitcation. My Client and my Server application are working fine with each other but if I try to query my Server application with a real web-browser (like Mozilla Firefox), then it comes to an exception.
I think that my streams are not compatible with Mozilla Firefox. This little code line always leads to an IOException with the error message "invalid stream header: 47455420".
From Firefox I try to connect via: http://localhost:7777/some-webpage.html
This is my code:
server = new ServerSocket(7777);
Socket socket = server.accept();
try
{
ObjectInputStream inputStream = new ObjectInputStream(new BufferedInputStream(socket.getInputStream()));
}
catch (IOException ex)
{
System.out.println("This exception happens :-(");
System.out.println(ex.getLocalizedMessage());
}
Does anybody know why this happens?
Help is seen with pleasure.
Greetings
Benny
The ObjectInputStream expects a binary format. You can't use a web browser to produce the binary format that it reads. The web browser will talk HTTP protocol, and your server is not expecting that at all.
You probably need to learn about web services. You might find the JAX-RS support in CXF convenient for what you seem to want to do.
To just drop in to HTTP, the minimal thing to do is implement a servlet: google would be your friend in learning about them.