You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Emil Hornung <em...@comarch.pl> on 2011/08/05 16:16:10 UTC
Problem using Axis2 and SSLv3.
Hi,
I have a problem using Axis2 and SSLv3. We've created a standalone web
service client (J2SE) which communicates with our web service via https.
Everything was fine until (for security reasons) security department
introduced SSL in version 3 instead of version 2.
Now when I try to connect with the web service, I'm getting an error:
org.apache.axis2.AxisFault: Remote host closed connection during handshake
at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
at
org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
at
org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
at
org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
at
org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
at
org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
at
org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
at
org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
at
org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
at org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
at
org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
at
org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
at
org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
at
org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
at
org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
at
gov.epuap.eil.saml.auth.SAMLProxy.sendSOAPMessage(SAMLProxy.java:367)
at gov.epuap.eil.saml.auth.SAMLProxy.authorize(SAMLProxy.java:409)
at gov.epuap.eil.Start.main(Start.java:49)
Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
connection during handshake
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
at java.io.BufferedOutputStream.write(Unknown Source)
at java.io.FilterOutputStream.write(Unknown Source)
at
org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:89)
... 20 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
... 28 more
As far as I know from debug info, it looks like the client is trying to
connect to the web service using TLSv1 and also using SSLv2 (without
trying using SSLv3).
I've tried forcing Axis2 to use SSLv3 by setting environment variable at
the very beginning of the client program:
System.setProperty("https.protocols", "SSLv3"). Unfortunately, it
doesn't work. It looks like Axis2 doesn't use this variable.
Does anyone know how to force Axis2 to use SSLv3?
Thanks in advance.
Best regards
Emil Hornung
--
Emil Hornung
Programista
tel. +48 22 564-24-64
---------------------------------------------------------------------
To unsubscribe, e-mail: java-user-unsubscribe@axis.apache.org
For additional commands, e-mail: java-user-help@axis.apache.org
Re: Problem using Axis2 and SSLv3.
Posted by Emil Hornung <em...@comarch.pl>.
Hi,
Some time ago, a colleague of mine solved the problem, so I would like
to share it with others.
His solution is based upon EasySSLProtocolSocketFactory class. We've
taken the source code of the class and adopt it to use only SSLv3
protocol. To turn on this factory, you have to register it by:
ProtocolSocketFactory ssl3ProtocolSocketFactory = new
SSL3ProtocolSocketFactory();
Protocol protocol = new Protocol("https", ssl3ProtocolSocketFactory, 9443);
Protocol.registerProtocol("https", protocol);
The source code of SSL3ProtocolSocketFactory is attached to the mail.
We don't know how exactly our class works, but it does :) - so I hope
that mail will help others with this problem.
Best regards
Emil Hornung
W dniu 2011-08-05 16:16, Emil Hornung pisze:
> Hi,
>
> I have a problem using Axis2 and SSLv3. We've created a standalone web
> service client (J2SE) which communicates with our web service via
> https. Everything was fine until (for security reasons) security
> department introduced SSL in version 3 instead of version 2.
> Now when I try to connect with the web service, I'm getting an error:
> org.apache.axis2.AxisFault: Remote host closed connection during
> handshake
> at org.apache.axis2.AxisFault.makeFault(AxisFault.java:430)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:98)
> at
> org.apache.commons.httpclient.methods.EntityEnclosingMethod.writeRequestBody(EntityEnclosingMethod.java:499)
> at
> org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2114)
> at
> org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
> at
> org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
> at
> org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
> at
> org.apache.axis2.transport.http.AbstractHTTPSender.executeMethod(AbstractHTTPSender.java:621)
> at
> org.apache.axis2.transport.http.HTTPSender.sendViaPost(HTTPSender.java:193)
> at
> org.apache.axis2.transport.http.HTTPSender.send(HTTPSender.java:75)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.writeMessageWithCommons(CommonsHTTPTransportSender.java:404)
> at
> org.apache.axis2.transport.http.CommonsHTTPTransportSender.invoke(CommonsHTTPTransportSender.java:231)
> at org.apache.axis2.engine.AxisEngine.send(AxisEngine.java:443)
> at
> org.apache.axis2.description.OutInAxisOperationClient.send(OutInAxisOperation.java:406)
> at
> org.apache.axis2.description.OutInAxisOperationClient.executeImpl(OutInAxisOperation.java:229)
> at
> org.apache.axis2.client.OperationClient.execute(OperationClient.java:165)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:555)
> at
> org.apache.axis2.client.ServiceClient.sendReceive(ServiceClient.java:531)
> at
> gov.epuap.eil.saml.auth.SAMLProxy.sendSOAPMessage(SAMLProxy.java:367)
> at gov.epuap.eil.saml.auth.SAMLProxy.authorize(SAMLProxy.java:409)
> at gov.epuap.eil.Start.main(Start.java:49)
> Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed
> connection during handshake
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown
> Source)
> at
> com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown
> Source)
> at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
> at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
> at java.io.BufferedOutputStream.write(Unknown Source)
> at java.io.FilterOutputStream.write(Unknown Source)
> at
> org.apache.axis2.transport.http.AxisRequestEntity.writeRequest(AxisRequestEntity.java:89)
> ... 20 more
> Caused by: java.io.EOFException: SSL peer shut down incorrectly
> at com.sun.net.ssl.internal.ssl.InputRecord.read(Unknown Source)
> ... 28 more
>
> As far as I know from debug info, it looks like the client is trying
> to connect to the web service using TLSv1 and also using SSLv2
> (without trying using SSLv3).
> I've tried forcing Axis2 to use SSLv3 by setting environment variable
> at the very beginning of the client program:
> System.setProperty("https.protocols", "SSLv3"). Unfortunately, it
> doesn't work. It looks like Axis2 doesn't use this variable.
> Does anyone know how to force Axis2 to use SSLv3?
> Thanks in advance.
>
> Best regards
>
> Emil Hornung
>
--
Emil Hornung
Programista
tel. +48 22 564-24-64