I received javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

35,895

Solution 1

Thanks for your answer! I was setting a proxy for

HttpHost proxy = new HttpHost("proxy.com", 911, "http");
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();

I changed it to the following:

System.setProperty("http.proxyHost", "proxy.com");
System.setProperty("http.proxyPort", "911");

And that is working successfully. I don't know why the previous way is not working well.

Solution 2

If the server side closed directly after receiving the ClientHello this can just be anything, like:

  • a firewall between you and the server blocking the connection
  • server croaking because it cannot deal with the ciphers or protocol version offered by the client
  • misconfigured server
  • wrong hostname used
  • ...

To narrow down the cause, try with other clients, like various web browsers, curl etc. If they succeed, look at the SSL handshake to find out what they are doing differently (i.e. different ciphers or protocols). If they fail too, look at the server side for errors and try to make sure that the packets are received at the server at all, i.e. that no firewall is blocking the traffic.
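The narrowing-down step described in the answer above can also be done from the same JVM. This is an added example, not code from the original answers: it attempts one handshake per protocol version the JRE supports and reports how each attempt ends. The class name `HandshakeProbe`, the 5-second timeouts and the loopback "silent closer" (a constructed stand-in for a peer that reads the ClientHello and closes without a TLS alert) are assumptions made for the example.

```java
import java.io.IOException;
import java.net.*;
import javax.net.ssl.*;

public class HandshakeProbe {
    // Constructed stand-in for a peer or middlebox that reads the ClientHello
    // and then closes the TCP connection without sending any TLS alert.
    static ServerSocket startSilentCloser() throws IOException {
        ServerSocket server = new ServerSocket(0, 50, InetAddress.getLoopbackAddress());
        Thread t = new Thread(() -> {
            while (!server.isClosed()) {
                try (Socket c = server.accept()) {
                    c.getInputStream().read(new byte[4096]); // swallow the ClientHello
                } catch (IOException ignored) { }
            }
        });
        t.setDaemon(true);
        t.start();
        return server;
    }

    // One handshake attempt with a single protocol version enabled.
    static String probe(String host, int port, String protocol) {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (Socket plain = new Socket()) {
            plain.connect(new InetSocketAddress(host, port), 5000); // timeout here: packets are being dropped
            plain.setSoTimeout(5000);
            // Layer TLS over the connected socket; host is passed so SNI is sent for host names.
            try (SSLSocket tls = (SSLSocket) factory.createSocket(plain, host, port, true)) {
                tls.setEnabledProtocols(new String[] { protocol });
                tls.startHandshake();
                return "OK, negotiated " + tls.getSession().getCipherSuite();
            }
        } catch (Exception e) {
            return e.getClass().getSimpleName() + ": " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        String host = "127.0.0.1";
        int port;
        if (args.length == 2) { host = args[0]; port = Integer.parseInt(args[1]); }
        else { port = startSilentCloser().getLocalPort(); } // offline demo target
        for (String p : SSLContext.getDefault().getSupportedSSLParameters().getProtocols()) {
            if (p.equals("SSLv2Hello")) continue; // not a version; cannot be enabled on its own
            System.out.println(p + " -> " + probe(host, port, p));
        }
    }
}
```

Run without arguments it reproduces the closed-during-handshake failure against the local closer (the exact message wording varies between JDK releases); run with `host port` it probes a real endpoint. A result that changes with the protocol version points at version support, a connect timeout points at dropped packets, and the same abrupt close for every version points at something that rejects the connection regardless of what the client offers.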

Author by

Héctor

Updated on February 23, 2020

Comments

  • Héctor
    Héctor about 4 years

    When I tried to make an ajax call with httpclient 4.4.1 to hit a web service that is located on another site, I'm seeing the following problem:

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at utilities.Utilities.executeRequest(Utilities.java:229)
    at utilities.Utilities.makePost(Utilities.java:301)
    at utilities.Utilities.makePost(Utilities.java:307)
    at utilities.AudioUtteranceUtilities.createAudioUtterance(AudioUtteranceUtilities.java:21)
    at dataset.tst_preprod.CommonSteps.createDataSet(CommonSteps.java:35)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jbehave.core.steps.StepCreator$MethodInvoker.invoke(StepCreator.java:798)
    at org.jbehave.core.steps.StepCreator$BeforeOrAfterStep.perform(StepCreator.java:489)
    at org.jbehave.core.embedder.StoryRunner$FineSoFar.run(StoryRunner.java:535)
    at org.jbehave.core.embedder.StoryRunner.runStepsWhileKeepingState(StoryRunner.java:515)
    at org.jbehave.core.embedder.StoryRunner.runBeforeOrAfterStorySteps(StoryRunner.java:460)
    at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:268)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:181)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:262)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:229)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 38 more
    

    I have jre8 and the debug is the following

                *** ClientHello, TLSv1.2
            RandomCookie:  GMT: 1422120426 bytes = { 181, 85, 212, 79, 3, 50, 253, 71, 166, 7, 222, 228, 188, 111, 117, 149, 155, 68, 136, 84, 225, 133, 134, 154, 8, 102, 86, 188 }
            Session ID:  {}
            Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
            Compression Methods:  { 0 }
            Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
            Extension ec_point_formats, formats: [uncompressed]
            Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
            Extension server_name, server_name: [type=host_name (0), value=ldsnewtst01.amr.corp.intel.com]
            ***
            [write] MD5 and SHA1 hashes:  len = 246
            pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 246
            [Raw write]: length = 251
            pool-1-thread-1, received EOFException: error
            pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            pool-1-thread-1, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
            pool-1-thread-1, WRITE: TLSv1.2 Alert, length = 2
            [Raw write]: length = 7
            0000: 15 03 03 00 02 02 28                               ......(
            pool-1-thread-1, called closeSocket()
    

    I started having this problem yesterday. Before this it worked successfully and I could make the ajax call, but now I'm getting that error.

  • user207421
    user207421 almost 9 years
    Unlikely to be a firewall. That would cause a connection timeout.
  • Steffen Ullrich
    Steffen Ullrich almost 9 years
    @EJP: SSL intercepting firewalls often cause a connection close after they've parsed the ClientHello and decided that the client is not allowed to access this target host. They don't simply drop the ClientHello but actively close the connection.
  • Salman
    Salman over 7 years
    After checking with the server side they advised to use TLS1.1 or TLS1.2. I did that from the java application like System.setProperty("https.protocols", "TLSv1.1,TLSv1.2"); but still I am getting the same exception from the server side javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
  • Steffen Ullrich
    Steffen Ullrich over 7 years
    @Salman: new questions should not be posted as comments. There are lots of reasons you might get this error and there are lots of questions about this topic at this site