0 Replies Latest reply on Nov 7, 2014 11:40 AM by m.valchev90

    Jboss AS 6.1.0 Handshake timeout with Java7

    m.valchev90

      Hi all, I'm new here.

      I have a problem with SSL in JBoss 6.1.0. I use CLIENT-CERT to restrict a certain security constraint with a client certificate. I configured all the needed places (web.xml, jboss-web.xml, jboss-loggin, server.xml, jboss-service). When I start the server with JDK6 everything works fine, but when I start the server with JDK7 and try to access the security constraint I get the error "Exception getting SSL attributes: java.net.SocketException: SSL Cert handshake timeout". Here is the stack trace:

      2014-10-16 17:39:10,184 WARN  [org.apache.coyote.http11.Http11Processor] (http-0.0.0.0-8443-2) Exception getting SSL attributes: java.net.SocketException: SSL Cert handshake timeout
        at org.apache.tomcat.util.net.jsse.JSSESupport.handShake(JSSESupport.java:178) [:6.1.0.Final]
        at org.apache.tomcat.util.net.jsse.JSSESupport.getPeerCertificateChain(JSSESupport.java:138) [:6.1.0.Final]
        at org.apache.coyote.http11.Http11Processor.action(Http11Processor.java:1144) [:6.1.0.Final]
        at org.apache.coyote.Request.action(Request.java:352) [:6.1.0.Final]
        at org.apache.catalina.connector.Request.getCertificateChain(Request.java:1112) [:6.1.0.Final]
        at org.apache.catalina.authenticator.SSLAuthenticator.authenticate(SSLAuthenticator.java:132) [:6.1.0.Final]
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:559) [:6.1.0.Final]
        at org.jboss.web.tomcat.security.JaccContextValve.invoke(JaccContextValve.java:88) [:6.1.0.Final]
        at org.jboss.web.tomcat.security.SecurityContextEstablishmentValve.invoke(SecurityContextEstablishmentValve.java:100) [:6.1.0.Final]
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:159) [:6.1.0.Final]
        at org.jboss.web.tomcat.service.jca.CachedConnectionValve.invoke(CachedConnectionValve.java:158) [:6.1.0.Final]
        at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:567) [:6.1.0.Final]
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109) [:6.1.0.Final]
        at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:631) [:6.1.0.Final]
        at org.jboss.web.rewrite.RewriteValve.invoke(RewriteValve.java:273) [:6.1.0.Final]
        at org.jboss.web.tomcat.service.request.ActiveRequestResponseCacheValve.invoke(ActiveRequestResponseCacheValve.java:53) [:6.1.0.Final]
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:362) [:6.1.0.Final]
        at org.apache.coyote.http11.Http11Processor.process(Http11Processor.java:877) [:6.1.0.Final]
        at org.apache.coyote.http11.Http11Protocol$Http11ConnectionHandler.process(Http11Protocol.java:654) [:6.1.0.Final]
        at org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:951) [:6.1.0.Final]
        at java.lang.Thread.run(Thread.java:745) [:1.7.0_71]
      
      

       

      When I switch to clientAuth="true" or "want" it works, but with "false", accessing the security constraint with CLIENT-CERT doesn't work with JDK7.

      I tried to debug JSSESupport.java and saw that there is a for loop in the handshake method. With JDK6, when it enters that loop for the first time and reads bytes from the InputStream, a browser window opens and requests my client certificate, but with JDK7 this doesn't happen; the error is thrown at the end of the method because the client didn't send its certificate. Actually this browser window opens later, and when I submit my certificate nothing happens, because the handshake has completed with result false. I tried with Firefox, IE and Chrome and the result is the same. If someone can help me or give me advice, I would be grateful.