1 Reply Latest reply on Jul 19, 2016 6:56 AM by wagnbeu0

    SSL handshake failed. when moving to TLS connection in Jboss

    Karthikraja R Newbie

      Hi,

      I am using jboss-eap-6.0 and  jdk !1.7.0_09 , we were earlier using the SSL connection  which was working fine and now trying to switch to TLS , to overcome the Poodle vulnerability.

      After referring few articles i have added below configuration in standalone.xml file, but getting the below  error, can some one please help me to resolve the issue.

       

      <subsystem xmlns="urn:jboss:domain:web:1.1" default-virtual-server="default-host" native="false">

                  <connector name="http" protocol="HTTP/1.1" scheme="http" socket-binding="http"/>

                  <connector name="https" protocol="HTTP/1.1" scheme="https" >

                      <ssl name="https" key-alias="server" password="$PASSWORD_HERE}" certificate-key-file="CERT_FILE"  protocol="TLSv1.1" verify-client="false" certificate-file="CERT_FILE" ca-certificate-file="CERT_FILE_LCOATION"/>

                  </connector>

                  <virtual-server name="default-host" enable-welcome-root="true">

                      <alias name="localhost"/>

                      <alias name="example.com"/>

                  </virtual-server>

              </subsystem>

      Please note i have replaced password,certificate related attribute values for security reason here.


      error Log:

      In server.log file getting the below error.

      19:26:48,995 DEBUG [org.apache.tomcat.util.net.JIoEndpoint] (http-/0.0.0.0:9443-1) Handshake failed: java.io.IOException: SSL handshake failed. Ciper suite in SSL Session is SSL_NULL_WITH_NULL_NULL
      at
      org.apache.tomcat.util.net.jsse.JSSESocketFactory.handshake(JSSESocketFactory.java:191) [jbossweb-7.0.16.Final-redhat-1.jar:]
      at
      org.apache.tomcat.util.net.JIoEndpoint.setSocketOptions(JIoEndpoint.java:1123) [jbossweb-7.0.16.Final-redhat-1.jar:]
      at
      org.apache.tomcat.util.net.JIoEndpoint$Worker.run(JIoEndpoint.java:931) [jbossweb-7.0.16.Final-redhat-1.jar:]
      at java.lang.Thread.run(Thread.java:722) [rt.jar:1.7.0_09]