0

I am launching a JNLP downloaded from my web application. After being prompted with a Java Security Warning prompt, the application can run successfully if the user response is within 2-3 seconds. However, if the user took more than 3 seconds to respond to the Java Security Warning prompt, the application fails to run with error with the following socket exception: 

 javax.net.ssl.SSLHandshakeException: Remote host closed connection during 

handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake

(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake

(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake

(SSLSocketImpl.java:1323)
    at sun.net.www.protocol.https.HttpsClient.afterConnect

(HttpsClient.java:563)
    at 

sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect

(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream

(HttpURLConnection.java:1300)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream

(HttpsURLConnectionImpl.java:254)
    at com.sun.deploy.net.HttpUtils.followRedirects(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doRequest(Unknown Source)
    at com.sun.deploy.net.BasicHttpRequest.doGetRequestEX(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.checkUpdateAvailable

(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.isUpdateAvailable(Unknown 

Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.deploy.cache.ResourceProviderImpl.getResource(Unknown Source)
    at com.sun.javaws.LaunchDownload$DownloadTask.call(Unknown Source)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker

(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run

(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    ... 19 more

Java Security Warning

Exception

Additional Info: I have checked the ports and they were pointing on the correct port numbers and TLS value also matched. The certificates were also added under cacerts.

Question: What causes the exception when response to the security prompt reaches more than 3-5 seconds? and how can I avoid the mentioned exception(possibly increase the waiting time)?

Actions done: 1. Add connectionTimeout attribute in Tomcat connector, but still, after 5 seconds of waiting time to respond to the Java Security Warning, the application still fails to launch.

James
  • 1
  • 1
  • 1
  • 1

2 Answers2

1

This is most easily controlled by the https.protocols system property. This is how you are able to control what the factory method returns. Set to "TLSv1" for example.

It leads to problems when you want to use two protocols instead of one. For example, SSLv3 and TLSv1. This -Dhttps.protocols=TLSv1,SSLv3 will lead to exceptions if you try to connect either SSLv3 or TLSv1.

Please check this answer. How to make Java 6, which fails SSL connection with "SSL peer shut down incorrectly", succeed like Java 7?

victor sosa
  • 899
  • 13
  • 27
0

I was facing the same problem, then I switched from JRE1.7 to JRE1.8 of course for reason TLS1.2 More references

Gaurav Lad
  • 1,788
  • 1
  • 16
  • 30