I have a Tomcat 7 server which runs some servlet I need to access via post from another Tomcat 7 server.
The connection is an SSL connection for security reasons, and I use this code to connect:
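```java
import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

/* Load the keyStore that includes self-signed cert as a "trusted" entry. */
KeyStore keyStore = KeyStore.getInstance("JKS");
keyStore.load(new FileInputStream("myjks.jks"), "123456".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext ctx = SSLContext.getInstance("TLSv1");
ctx.init(null, tmf.getTrustManagers(), null);
SSLSocketFactory sslFactory = ctx.getSocketFactory();

HttpClientBuilder builder = HttpClientBuilder.create();
/* ALLOW_ALL_HOSTNAME_VERIFIER turns off hostname checking of the server certificate. */
SSLConnectionSocketFactory sslConnectionFactory =
        new SSLConnectionSocketFactory(ctx, SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
builder.setSSLSocketFactory(sslConnectionFactory);
Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("https", sslConnectionFactory)
        .build();
HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
builder.setConnectionManager(ccm);
CloseableHttpClient client = builder.build();

HttpPost post = new HttpPost("https://myurl.com:9999/post");
/* post has parameters - omitted */
HttpResponse response = client.execute(post);
HttpEntity entity = response.getEntity();
String responseString = EntityUtils.toString(entity, "UTF-8");
int httpCode = response.getStatusLine().getStatusCode();
System.out.println(responseString);
System.out.println(httpCode);
```

There is a problem: every time I try to connect I get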
Received fatal alert: handshake_failure
Now, the weird thing is that the exact same code run via a plain Java application just works and outputs

```
<response data>
200
```

The code on the server runs on Apache Tomcat 7.0.42 with Java 6, and the Java application runs on Java 6.
This is how the Tomcat-SSL server connector is configured:
```xml
<Connector port="${tomcat.ssl.port}"
           protocol="HTTP/1.1"
           enableLookups="false"
           SSLEnabled="true"
           scheme="https"
           sslProtocol="TLS"
           secure="true"
           clientAuth="false"
           keystoreFile="${catalina.base}/conf/certstore/server.jks"
           keystorePass="123456"
           truststoreFile="${catalina.base}/conf/certstore/ca.jks"
           truststorePass="123456"
           URIEncoding="UTF-8"
           ciphers="SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA" />
```

These are the supported ciphers:
```
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV
```

Why does the Tomcat-to-Tomcat connection give these problems? What should I do in order to make this code work?
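A diagnostic sketch for the situation described above, added here as an example and not part of the original question: it reports the JSSE settings of whichever JVM runs it and intersects the enabled cipher suites with the list in the Connector's `ciphers` attribute. The class name `TlsClientDiagnostics` and the method `report()` are hypothetical; the code is written to compile on Java 6.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

public class TlsClientDiagnostics {
    // Copied from the ciphers attribute of the Connector shown in the question.
    static final String[] SERVER_CIPHERS = {
        "SSL_RSA_WITH_RC4_128_MD5", "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA", "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
    };

    /** Suites the client enables that the server also lists, in client order. */
    static Set<String> overlap(String[] client, String[] server) {
        Set<String> common = new LinkedHashSet<String>(Arrays.asList(client));
        common.retainAll(Arrays.asList(server));
        return common;
    }

    /** Describes the JSSE settings in effect for the JVM that calls it. */
    static String report() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1"); // same protocol string as the question
        ctx.init(null, null, null); // default managers; only negotiation settings are inspected
        SSLParameters params = ctx.getDefaultSSLParameters();
        StringBuilder sb = new StringBuilder();
        String[] props = { "java.version", "java.vendor", "java.home",
                           "javax.net.ssl.trustStore", "javax.net.ssl.keyStore" };
        for (String name : props) {
            sb.append(name).append(" = ").append(System.getProperty(name)).append('\n');
        }
        sb.append("provider = ").append(ctx.getProvider()).append('\n');
        sb.append("enabled protocols = ").append(Arrays.toString(params.getProtocols())).append('\n');
        sb.append("enabled suites = ").append(Arrays.toString(params.getCipherSuites())).append('\n');
        Set<String> common = overlap(params.getCipherSuites(), SERVER_CIPHERS);
        sb.append("shared with server = ").append(common).append('\n');
        if (common.isEmpty()) {
            sb.append("WARNING: no cipher suite in common with the Connector\n");
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(report());
    }
}
```

Call `report()` from a servlet inside the client Tomcat and run `main` as the standalone application, then compare the two outputs line by line. Starting either JVM with `-Djavax.net.debug=ssl:handshake` additionally traces the handshake messages themselves.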