Project

General

Profile

Image Support #3686

JBOSS EAP 7.2.9 : Support for TLS1.2 :javax.net.ssl.SSLHandshakeException

Added by Shweta about 2 months ago. Updated about 1 month ago.

Status:
Closed
Priority:
Normal
Assignee:
Due date:
% Done:

0%

Operating System:
Linux
JRE:
Not Applicable
Instance Type:
Not Applicable
Your Marketplace Account ID:
2872-5568-4589
Marketplace:
Amazon Web Services
Customer State:
Sydney
Customer Country:
New South Wales

Description

Hi Team,

We are trying to build the connectivity between our ec2 instance and another host which does not support TLS1.2. At our end MASSL in enabled and TLS1 protocol has been configured exclusively for testing purpose. But getting below error when another interface is trying to connection our webservices.

Error Logs:

17:13:27,136 DEBUG [io.undertow.request] (default I/O-2) Using ALPN provider JDK9AlpnProvider for connector at /10.54.154.220:18443
17:13:27,152 DEBUG [io.undertow.request.io] (default I/O-2) UT005013: An IOException occurred: javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled
at java.base/sun.security.ssl.SSLEngineInputRecord.handleUnknownRecord(SSLEngineInputRecord.java:364)
at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:193)
at java.base/sun.security.ssl.SSLEngineInputRecord.decode(SSLEngineInputRecord.java:160)
at java.base/sun.security.ssl.SSLTransport.decode(SSLTransport.java:110)
at java.base/sun.security.ssl.SSLEngineImpl.decode(SSLEngineImpl.java:681)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:636)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
at //io.undertow.server.protocol.http.ALPNLimitingSSLEngine.unwrap(ALPNLimitingSSLEngine.java:159)
at //io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:754)
at //io.undertow.protocols.ssl.SslConduit.read(SslConduit.java:583)
at //org.xnio.conduits.ConduitStreamSourceChannel.read(ConduitStreamSourceChannel.java:127)
at //io.undertow.server.protocol.http.AlpnOpenListener$AlpnConnectionListener.handleEvent(AlpnOpenListener.java:350)
at //io.undertow.server.protocol.http.AlpnOpenListener.handleEvent(AlpnOpenListener.java:307)
at //io.undertow.server.protocol.http.AlpnOpenListener.handleEvent(AlpnOpenListener.java:67)
at //org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at //org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:291)
at //org.xnio.ChannelListeners$10.handleEvent(ChannelListeners.java:286)
at //org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at //org.xnio.ChannelListeners$DelegatingChannelListener.handleEvent(ChannelListeners.java:1092)
at //org.xnio.ChannelListeners.invokeChannelListener(ChannelListeners.java:92)
at //org.xnio.nio.QueuedNioTcpServer$1.run(QueuedNioTcpServer.java:134)
at //org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:612)
at //org.xnio.nio.WorkerThread.run(WorkerThread.java:479)

We are not able to understand the root cause of this error.
Please assist us.

Thanks & Regards,
Shweta Hegade

#1

Updated by Mariusz about 2 months ago

  • Status changed from New to In Progress
  • Assignee set to Mariusz
#2

Updated by Mariusz about 2 months ago

  • Assignee changed from Mariusz to Red Hat Support

Hi,

We are waiting for reply from Red Hat Support.
Thanks,
Mariusz Chwalek

#3

Updated by Mariusz about 2 months ago

  • Status changed from In Progress to Feedback
  • Assignee changed from Red Hat Support to Shweta

Reply from Red Hat:

Hi Shweta,

Thank you for contacting Red Hat Technical Support. My name is Rishabh and I will supporting on this case.

From case description I understand that when another server is trying to connect your webservices following exception is observed. 
~~~~~~~~~~~~
17:13:27,152 DEBUG [io.undertow.request.io] (default I/O-2) UT005013: An IOException occurred: javax.net.ssl.SSLHandshakeException: SSLv2Hello is not enabled
~~~~~~~~~~~~

So in current scenario  your application is acting as Server and the application trying to connect is Client. 

You can resolve this error by either disabling SSLv2Hello on the client or enabling SSLv2Hello on the server. Adding solution article[1] with brief description [1].

Any concern on this then please let us know.

Thank you,
Rishabh

[1] https://access.redhat.com/solutions/1254343

#4

Updated by Mariusz about 1 month ago

Hi,
We noticed there hasn't been an update to this ticket for some time. Can we consider this ticket closed from support point of view? Is this still an issue or is there anything further that we can do for you in this regard? If not we will be timing out this ticket and will be closed in a few days time. If you have any other queries, please do not hesitate to ask us.

Regards,
Mariusz Chwalek

#5

Updated by Mariusz about 1 month ago

  • Status changed from Feedback to Closed

Also available in: Atom PDF