I received javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Solution 1
Thanks for your answer! I was setting a proxy for
HttpHost proxy = new HttpHost("proxy.com", 911, "http");
RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
I changed this way by the following:
System.setProperty("http.proxyHost", "proxy.com");
System.setProperty("http.proxyPort", "911");
And that is working successfully. I don't know why the previous way is not working well.
Solution 2
If the server side closed directly after receiving the ClientHello, this can just be anything, like:
- a firewall between you and the server blocking the connection
- server croaking because it cannot deal with the ciphers or protocol version offered by the client
- misconfigured server
- wrong hostname used
- ...
To narrow down the cause, try with other clients, like various web browsers, curl etc. If they succeed, look at the SSL handshake to find out what they are doing differently (i.e. different ciphers or protocols). If they fail too, look at the server side for errors and try to make sure that the packets are received at the server at all, i.e. that no firewall is blocking the traffic.
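One way to tell the causes listed in this answer apart from the Java side, as an added example that is not part of the original answer: it attempts the handshake once per protocol version and reports whether the peer closed without sending a TLS alert (the case in the question) or the failure came with a TLS-level message. `HandshakeProbe` and `probe` are hypothetical names; run without arguments, it uses a constructed local listener that reads the ClientHello and closes.

```java
import java.io.EOFException;
import java.io.IOException;
import java.net.ServerSocket;
import java.net.Socket;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;

public class HandshakeProbe {
    // One handshake attempt limited to a single protocol version, classified by how it ended.
    static String probe(String host, int port, String protocol) {
        try (SSLSocket s = (SSLSocket) SSLContext.getDefault().getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(5000);
            s.setEnabledProtocols(new String[] { protocol });
            s.startHandshake();
            return "handshake OK, cipher " + s.getSession().getCipherSuite();
        } catch (SSLException e) {
            if (e.getCause() instanceof EOFException) {
                // Same shape as the trace in the question: the peer sent no TLS alert, it just closed.
                return "peer closed without a TLS alert";
            }
            return "TLS failure: " + e.getMessage(); // e.g. an alert from the server, or protocol disabled locally
        } catch (Exception e) {
            return "no handshake: " + e; // refused, timed out, reset, or protocol unknown to this JRE
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length == 2) { // real target: java HandshakeProbe <host> <port>
            for (String p : new String[] { "TLSv1.3", "TLSv1.2", "TLSv1.1" }) {
                System.out.println(p + ": " + probe(args[0], Integer.parseInt(args[1]), p));
            }
            return;
        }
        // Constructed stand-in for a device that reads the ClientHello and then drops the connection.
        try (ServerSocket server = new ServerSocket(0)) {
            Thread closer = new Thread(() -> {
                try (Socket c = server.accept()) {
                    c.getInputStream().read(new byte[8192]); // consume the ClientHello, answer nothing
                } catch (IOException ignored) {
                    // nothing to report in the stand-in
                }
            });
            closer.start();
            System.out.println("TLSv1.2: " + probe("localhost", server.getLocalPort(), "TLSv1.2"));
            closer.join();
        }
    }
}
```

The probe opens a direct socket and does not read `http.proxyHost`, so the same "peer closed" result for every protocol version points at the network path rather than at cipher or protocol negotiation.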
Héctor
Updated on February 23, 2020
Comments
-
Héctor about 4 years
When I try to make an ajax call with httpclient 4.4.1 to hit a web service that is located on another site, I'm seeing the following problem:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
    at utilities.Utilities.executeRequest(Utilities.java:229)
    at utilities.Utilities.makePost(Utilities.java:301)
    at utilities.Utilities.makePost(Utilities.java:307)
    at utilities.AudioUtteranceUtilities.createAudioUtterance(AudioUtteranceUtilities.java:21)
    at dataset.tst_preprod.CommonSteps.createDataSet(CommonSteps.java:35)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
    at java.lang.reflect.Method.invoke(Unknown Source)
    at org.jbehave.core.steps.StepCreator$MethodInvoker.invoke(StepCreator.java:798)
    at org.jbehave.core.steps.StepCreator$BeforeOrAfterStep.perform(StepCreator.java:489)
    at org.jbehave.core.embedder.StoryRunner$FineSoFar.run(StoryRunner.java:535)
    at org.jbehave.core.embedder.StoryRunner.runStepsWhileKeepingState(StoryRunner.java:515)
    at org.jbehave.core.embedder.StoryRunner.runBeforeOrAfterStorySteps(StoryRunner.java:460)
    at org.jbehave.core.embedder.StoryRunner.runCancellable(StoryRunner.java:268)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:220)
    at org.jbehave.core.embedder.StoryRunner.run(StoryRunner.java:181)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:262)
    at org.jbehave.core.embedder.StoryManager$EnqueuedStory.call(StoryManager.java:229)
    at java.util.concurrent.FutureTask.run(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
    at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 38 more
I have jre8 and the debug is the following:
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1422120426 bytes = { 181, 85, 212, 79, 3, 50, 253, 71, 166, 7, 222, 228, 188, 111, 117, 149, 155, 68, 136, 84, 225, 133, 134, 154, 8, 102, 86, 188 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [type=host_name (0), value=ldsnewtst01.amr.corp.intel.com]
***
[write] MD5 and SHA1 hashes: len = 246
pool-1-thread-1, WRITE: TLSv1.2 Handshake, length = 246
[Raw write]: length = 251
pool-1-thread-1, received EOFException: error
pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
pool-1-thread-1, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
pool-1-thread-1, WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 02 28 ......(
pool-1-thread-1, called closeSocket()
I started having this problem yesterday. Before that this worked successfully and I could make the ajax call, but now I'm getting that error.
-
user207421 almost 9 years
Unlikely to be a firewall. That would cause a connection timeout.
-
Steffen Ullrich almost 9 years
@EJP: SSL intercepting firewalls often cause a connection close after they've parsed the ClientHello and decided that the client is not allowed to access this target host. They don't simply drop the ClientHello but actively close the connection.
-
Salman over 7 years
After checking with the server side, they advised to use TLS1.1 or TLS1.2. I did that from the java application like
System.setProperty("https.protocols", "TLSv1.1,TLSv1.2");
but still I am getting the same exception from the server side
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
-
Steffen Ullrich over 7 years
@Salman: new questions should not be posted as comments. There are lots of reasons you might get this error and there are lots of questions about this topic at this site