JBWEB003006: Handshake failed: java.io.IOException: JBWEB002042: SSL handshake failed, cipher suite in SSL Session is SSL_NULL_WITH_NULL_NULL

I have an issue with SSL configuration, while doing an installation for our in-house product. The installation is on jboss-eap-6.1., using java-1.7.0-openjdk-1.7.0.85.x86_64

The log sais:

16:28:11,685 DEBUG [org.apache.tomcat.util] (http-/0.0.0.0:8443-1) JBWEB003006: Handshake failed: java.io.IOException: JBWEB002042: SSL handshake failed, cipher suite in SSL Session is SSL_NULL_WITH_NULL_NULL at org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:185) [jbossweb-7.2.2.Final-redhat-1.jar:7.2.2.Final-redhat-1]

I have the following configuration in the standalone-full.xml for https:

connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">

ssl name="tomcat-ssl" key-alias="ssocertificate" password="changeit" certificate-key-file="/etc/cas/certificate/portal.keystore" protocol="TLSv1"

cipher-suite= "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA"/>

/connector>

The key was generated like this:

keytool -genkey -dname "CN=sem-core, OU=HOME, O=Company, L=Timisoara, ST=Timis, C=RO" -alias "alu" -keyalg RSA -keypass changeit -keystore /etc/cas/certificate/portal.keystore -storepass changeit -keyalg RSA -ext SAN=dns:sem-core,ip:135.247.150.77

Also imported in $JAVA_HOME/lib/security/cacerts

Any attempt to access https on the configured port is unsuccessful. Sometimes I get the error above, sometimes nothing. Firefox returns:

An error occurred during a connection to 135.247.150.77:8443. Peer reports it experienced an internal error. (Error code: ssl_error_internal_error_alert)

Thanks for any ideas.

Answers


Please check $JAVA_HOME/lib/security/ and see if there is no jssecacerts file.

If the file exists, import the cert into this file. Java checks for this file first before cacerts (http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#X509TrustManager).

If that is not the issue, you may also have a look at the this issue, which might be the same: https://developer.jboss.org/thread/153637


Need Your Help

How to retrieve text box value from a JSP page

java jsp servlets web-applications

I am creating a web application in Java and am having trouble retrieving a value from a text box. My aim is to ask the user to enter their email address and then use the value entered for the rest ...