5 Replies Latest reply on Jan 15, 2016 10:14 AM by tihomir91

JBoss messaging client with jndi is failing after initial ssl handshake

tihomir91 Jan 15, 2016 2:32 AM

Hello Colleagues,

I created standalone jms client to connect to JBoss eap 6.4 with tlsv1.2. The connection with java 7 and 8 is successful. Now i imported the code in our application for development purposes in order to test the connection but now it is failing after the client send tlsv1.2 hello message. I am providing ssl debug trace:

8:372	Guest	~Q-client-global-threads-1675133750]	System.out	0000: 0C 00 01 49 03 00 17 41 04 72 AB 0A 50 98 46 C0 ...I...A.r..P.F. 0010: CC 60 E9 31 93 88 C1 63 7C 40 57 6F C3 A1 E6 58 .`.1...c.@Wo...X 0020: 24 59 7B 02 15 D9 92 53 24 A5 A5 E5 41 1F 1A 74 $Y.....S$...A..t 0030: D0 1F C3 66 09 AF 8C 30 07 68 20 6E 1B 7C F2 A2 ...f...0.h n.... 0040: C3 87 3F DA 6F A7 2F E8 1C 06 01 01 00 3F CD 98 ..?.o./......?.. 0050: 54 4B D0 66 60 4F A1 0D 6B 49 DA 57 9C B6 4D 14 TK.f`O..kI.W..M. 0060: 18 DA A8 0F 41 84 4D 36 2E 77 65 89 99 E9 7B 80 ....A.M6.we..... 0070: 36 BA B6 80 F9 13 1D F4 44 1F 2F 5F 40 C7 55 F7 6.......D./_@.U. 0080: 42 3E 57 01 A2 28 E3 26 5A 47 67 11 1F C0 63 AD B>W..(.&ZGg...c. 0090: 08 B1 DE 5B B8 4F B3 73 51 84 8E F0 23 22 44 ED ...[.O.sQ...#"D. 00A0: A6 7B 53 7D 33 5C B2 7D 08 88 74 E8 F7 91 20 0F ..S.3\....t... . 00B0: 68 02 AE 60 70 EB 9F 24 CB 80 A4 16 2E A3 0A EB h..`p..$........ 00C0: 0F 1E 87 F5 F9 91 4B 0D 50 4D D8 13 C1 20 4B 99 ......K.PM... K. 00D0: D8 14 E3 49 1A 02 90 15 98 9A 27 9F 90 1C B9 74 ...I......'....t 00E0: 9C 8C 92 03 73 1D 8C 07 72 71 E5 25 DD 34 E8 20 ....s...rq.%.4. 00F0: 26 89 14 59 D5 E2 68 31 33 23 6B F5 F0 1A 2B 3B &..Y..h13#k...+; 0100: D7 92 C2 6A 2D 9C C2 72 FB 33 4E 1C EB AA 9E EF ...j-..r.3N..... 0110: E9 95 E7 2F A0 15 39 5C 3C BD 21 42 D9 DB AB BC .../..9\<.!B.... 0120: F9 CF 5B 70 AD C3 0B 26 49 84 EE 44 34 04 FE 30 ..[p...&I..D4..0 0130: F0 C8 C5 5D 11 72 4F 4E 0D 9A 89 65 AF 84 A5 90 ...].rON...e.... 0140: B3 4C 4B FB 09 A8 AC 33 94 94 81 EA CF .LK....3..... *** ServerHelloDone
	13:15:18:373	Guest	~Q-client-global-threads-1675133750]	System.out	[read] MD5 and SHA1 hashes: len = 4
	13:15:18:373	Guest	~Q-client-global-threads-1675133750]	System.out	0000: 0E 00 00 00 .... *** ECDHClientKeyExchange
	13:15:18:373	Guest	~Q-client-global-threads-1675133750]	System.out	ECDH Public value: { 4, 175, 248, 221, 6, 83, 125, 155, 95, 136, 154, 79, 66, 199, 14, 111, 94, 183, 238, 236, 119, 70, 135, 238, 86, 155, 246, 35, 83, 202, 22, 120, 152, 80, 151, 235, 194, 97, 76, 207, 115, 120, 246, 197, 123, 89, 64, 122, 62, 210, 59, 50, 153, 141, 194, 125, 47, 129, 49, 25, 56, 52, 152, 134, 166 }
	13:15:18:374	Guest	~Q-client-global-threads-1675133750]	System.out	[write] MD5 and SHA1 hashes: len = 70
	13:15:18:374	Guest	~Q-client-global-threads-1675133750]	System.out	0000: 10 00 00 42 41 04 AF F8 DD 06 53 7D 9B 5F 88 9A ...BA.....S.._.. 0010: 4F 42 C7 0E 6F 5E B7 EE EC 77 46 87 EE 56 9B F6 OB..o^...wF..V.. 0020: 23 53 CA 16 78 98 50 97 EB C2 61 4C CF 73 78 F6 #S..x.P...aL.sx. 0030: C5 7B 59 40 7A 3E D2 3B 32 99 8D C2 7D 2F 81 31 ..Y@z>.;2..../.1 0040: 19 38 34 98 86 A6 .84... Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), WRITE: TLSv1.2 Handshake, length = 70
	13:15:18:375	Guest	~Q-client-global-threads-1675133750]	System.out	Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), fatal error: 80: problem unwrapping net record java.lang.RuntimeException: Could not generate secret
	13:15:18:375	Guest	~Q-client-global-threads-1675133750]	System.out	%% Invalidated: [Session-27, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256]
	13:15:18:375	Guest	~Q-client-global-threads-1675133750]	System.out	Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), SEND TLSv1.2 ALERT: fatal, description = internal_error
	13:15:18:376	Guest	~Q-client-global-threads-1675133750]	System.out	Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), WRITE: TLSv1.2 Alert, length = 2
	13:15:48:233	Guest	Application [58]	System.out	[Raw write]: length = 75
	13:15:48:269	Guest	Application [58]	System.out	0000: 16 03 03 00 46 10 00 00 42 41 04 AF F8 DD 06 53 ....F...BA.....S 0010: 7D 9B 5F 88 9A 4F 42 C7 0E 6F 5E B7 EE EC 77 46 .._..OB..o^...wF 0020: 87 EE 56 9B F6 23 53 CA 16 78 98 50 97 EB C2 61 ..V..#S..x.P...a 0030: 4C CF 73 78 F6 C5 7B 59 40 7A 3E D2 3B 32 99 8D L.sx...Y@z>.;2.. 0040: C2 7D 2F 81 31 19 38 34 98 86 A6 ../.1.84... [Raw write]: length = 7
	13:15:48:297	Guest	~Q-client-global-threads-1675133750]	System.out	0000: 15 03 03 00 02 02 50 ......P Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), called closeOutbound()
	13:15:48:319	Guest	~Q-client-global-threads-1675133750]	System.out	Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), closeOutboundInternal()
	13:15:48:335	Guest	Application [58]	~.jms.core.channel.ChannelImpl.start	Error starting channel: com.sap.aii.af.service.cpa.impl.object.ChannelImpl@72336352 with ID=fae4d8e33327329f9b662a2c2ba75319 due to com.sap.aii.adapter.jms.api.connector.ConnectionException: Error creating Connection from JMS Connection Factory.: javax.jms.JMSException: Failed to create session factory

As you can see the error is :

"Old I/O client worker ([id: 0xe03bcf8b, /10.66.186.162:62159 => vepo750052/10.66.186.162:5445]), fatal error: 80: problem unwrapping net record

java.lang.RuntimeException: Could not generate secret " and this is after the server send tlsv1.2hello done.

What could be the reason for this error, it is coming from the server? I tried to enable javax.net.debug=all but it is not working as i expected. My assumption is that this could be problem with java version of the server and the client?

Regards,

Tihomir

1. Re: JBoss messaging client with jndi is failing after initial ssl handshake

pjhavariotis Jan 15, 2016 2:44 AM (in response to tihomir91)

Are you using a third-party JCA provider? Also, are you using Java 6 in your development environment?
Actions
2. Re: JBoss messaging client with jndi is failing after initial ssl handshake

tihomir91 Jan 15, 2016 3:22 AM (in response to pjhavariotis)

Hi Panagiotis,

JBoss server is using oracle jdk8_045, my client code is compiled by sapjvm_8. And in our AS we are using SAP jca implementation. The client code is working proper when I am using only standalone client with sapjvm_8 and JBoss sever is started with java 7.

Regards,
Tihomir
Actions
3. Re: JBoss messaging client with jndi is failing after initial ssl handshake

pjhavariotis Jan 15, 2016 4:11 AM (in response to tihomir91)

Can you try and install the SAP jca provider with a lower precedence than the Sun JCE provider ?
You can check the JCA reference guide for instructions.
Actions
4. Re: JBoss messaging client with jndi is failing after initial ssl handshake

tihomir91 Jan 15, 2016 5:00 AM (in response to pjhavariotis)

It seems the both sapjvm_8 and jdk_8.045 are using sun security provider with highest priority. From my point of view they should be compatible..
Actions
5. Re: JBoss messaging client with jndi is failing after initial ssl handshake

tihomir91 Jan 15, 2016 10:14 AM (in response to tihomir91)

Hi,

Finally I was able to figure out what was the problem. It seems there is incompatibility between sapjvm8 and jdk8. I copied crypto jars from jdk 1.7 into jdk 1.8_045 directory which was used by my JBoss eap 6.4. Now ssl handshake is passing successfully. In similar problems I would recommend using java 1.7 for JBoss eap.

Regards,
Tihomir
Actions

Go to original post