1

My Java version is 1.6 and I connect to a server over SSL using an Axis 2 stub; it all used to work fine. It seems like they did some upgrade (apache2.4) and the SSL handshake doesn't happen anymore. I receive a `javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake` error. Just for testing purposes, I locally installed JDK 8 and tested; it works fine. Is there any way to make this work using jdk1.6? It is not possible to upgrade jdk now.

leppie
Srisfti
  • "It is not possible to upgrade jdk now." You do know that JDK 1.6 is not supported anymore, right? A good Java application should seamlessly (or at least easily) run on newer versions. You could possibly try another SSL implementation, SSL implementations are [pluggable](https://jce.iaik.tugraz.at/sic/Products/Communication-Messaging-Security/iSaSiLk) (payware) in Java. – Maarten Bodewes Nov 18 '14 at 19:17

2 Answers

3

It is hard to tell without more details but I guess that the server either requires a TLS version unsupported by JDK 6 (e.g. TLS 1.1 or TLS 1.2) or uses ciphers which are not supported by JDK 6 yet. Another option might be that the server needs SNI (server name indication) which is not supported by JDK 6. If the problem is any of these things you are unfortunately out of luck with JDK 6.

I suggest you check with SSLLabs to get more details about the problem. They also show compatibility information regarding various JDK versions.

Steffen Ullrich
  • Steffen, please let me know what details you need. Thanks. – Srisfti Nov 18 '14 at 19:06
  • First, have you tried ssllabs? If the server is public the URL would be good to know so that one can have a look at the server. – Steffen Ullrich Nov 18 '14 at 19:18
  • It's not a public URL. I cannot check with ssllabs. Thanks. – Srisfti Nov 18 '14 at 19:27
  • Then it is very hard to help, because SSL debugging is hard even with access to the server. You could give https://github.com/noxxi/p5-io-socket-ssl/blob/master/util/analyze-ssl.pl a try to analyze the server but you need to have a Perl with a very recent IO::Socket::SSL and Net::SSLeay to use this program. There might be other SSL analyzers you could use to find out ciphers and protocols supported by the server. If it is an internal server you might also talk to the ones who set up the system and point out your problem. – Steffen Ullrich Nov 18 '14 at 20:10
  • If it's not public, it's often possible to use OpenSSL internally: `openssl s_client -servername the.host.name -connect the.host.name:443` (that's with SNI) and without `-servername the.host.name` not to use SNI. You can also use `-ssl3`, `-tls1`, `-tls1_1`, `-tls1_2` to try different SSL/TLS versions. There are options for cipher suites too. – Bruno Nov 19 '14 at 01:36
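
Added example (not part of the original answer or comments): the `openssl s_client` checks from the last comment run as a matrix of protocol version with and without SNI, with the result mapped to the three causes named in the answer above. The function names and result labels are made up for this example; `-noservername` is used where the local OpenSSL has it, because newer releases send SNI by default.

```shell
#!/bin/sh
# Added example: handshake matrix via `openssl s_client`, POSIX sh.

# classify: s_client output on stdin -> "ok" or "fail".
# s_client reports "Cipher is (NONE)" when no cipher was negotiated.
classify() {
  out=$(cat)
  case $out in
    *'Cipher is (NONE)'*) echo fail ;;
    *'Cipher is '*)       echo ok ;;
    *)                    echo fail ;;
  esac
}

# probe HOST PORT: prints "<proto> <sni|nosni> <ok|fail>" per combination.
probe() {
  # Newer OpenSSL sends SNI by default; suppress it where the flag exists.
  if openssl s_client -help 2>&1 | grep -q -- '-noservername'; then
    nosni=-noservername
  else
    nosni=
  fi
  for proto in tls1 tls1_1 tls1_2; do
    r=$(openssl s_client -connect "$1:$2" "-$proto" -servername "$1" \
          </dev/null 2>&1 | classify)
    echo "$proto sni $r"
    r=$(openssl s_client -connect "$1:$2" "-$proto" $nosni \
          </dev/null 2>&1 | classify)
    echo "$proto nosni $r"
  done
}

# diagnose: probe lines on stdin -> which cause from the answer fits a
# client limited to TLS 1.0 without SNI (JDK 6 as described in the answer).
has() { printf '%s\n' "$matrix" | grep -qx "$1"; }
diagnose() {
  matrix=$(cat)
  if   has 'tls1 nosni ok';    then echo check-cipher-suites
  elif has 'tls1 sni ok';      then echo sni-required
  elif has 'tls1_[12] .* ok';  then echo newer-tls-required
  else                              echo no-handshake
  fi
}

# Run only when a host is given: ./probe.sh the.host.name 443
if [ -n "${1:-}" ]; then
  result=$(probe "$1" "${2:-443}")
  printf '%s\n' "$result"
  printf '%s\n' "$result" | diagnose
fi
```

On OpenSSL 3.x, TLS 1.0 and 1.1 are refused at the default security level, so a `fail` for `tls1` or `tls1_1` can come from the local client rather than from the server.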
0

You could try using a 3rd party JCE provider, Bouncy Castle comes to mind: https://www.bouncycastle.org

cudiaco
  • Refer here for sample code using jdk1.6.0_45 and bcprov-jdk15on-153.jar http://stackoverflow.com/questions/18065170/how-do-i-do-tls-with-bouncycastle/33122393#33122393 – oraclesoon Oct 14 '15 at 10:05
  • Another example of sample code: https://stackoverflow.com/a/44781379/1795426 – user11153 Feb 13 '20 at 14:12