
I am running a standalone application with Java 1.7.0_80 and httpclient 4.5.13, using the configuration below to set TLSv1.2, but I am getting the error below on execution.

After upgrading to Java 1.8 it works fine, but I need to get it working on Java 1.7.0_80.

    import javax.net.ssl.SSLContext;
    import org.apache.http.client.ResponseHandler;
    import org.apache.http.client.methods.HttpPost;
    import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
    import org.apache.http.impl.client.BasicResponseHandler;
    import org.apache.http.impl.client.CloseableHttpClient;
    import org.apache.http.impl.client.HttpClients;

    private CloseableHttpClient httpclient;

    private String post(String url) throws Exception {
        // Context restricted to TLSv1.2; null managers = JVM default key/trust stores (cacerts)
        SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
        sslContext.init(null, null, null);
        SSLContext.setDefault(sslContext);
        // Enable only TLSv1.2 on each socket; cipher suites (null) stay at the context default.
        // BROWSER_COMPATIBLE_HOSTNAME_VERIFIER is deprecated since 4.4 but still present in 4.5.13.
        SSLConnectionSocketFactory f = new SSLConnectionSocketFactory(sslContext, new String[]{"TLSv1.2"}, null, SSLConnectionSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        this.httpclient = HttpClients.custom().setSSLSocketFactory(f).build();

        HttpPost httpmethod = new HttpPost(url);
        String responseBody = null;
        if (this.httpclient != null) {
            ResponseHandler<String> responseHandler = new BasicResponseHandler();
            responseBody = httpclient.execute(httpmethod, responseHandler);
        }
        return responseBody;
    }
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    %% No cached client session
    *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1632740333 bytes = { 95, 97, 177, 71, 184, 21, 72, 221, 215, 16, 192, 26, 206, 43, 149, 19, 2, 216, 66, 156, 4, 233, 56, 89, 49, 191, 83, 247 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
    Extension server_name, server_name:
    WRITE: TLSv1.2 Handshake, length = 225
    READ: TLSv1.2 Alert, length = 2
    RECV TLSv1 ALERT:  warning, close_notify
    SEND TLSv1 ALERT:  fatal, description = unexpected_message
    WRITE: TLSv1 Alert, length = 2
    called closeSocket()
    handling exception: javax.net.ssl.SSLException: Received close_notify during handshake

This is causing the issue; I need to know how to override the ProtocolVersion.DEFAULT value.

  • Have tried with System.setProperty("https.protocols", "TLSv1.2"); // System.setProperty("jdk.tls.client.protocols", "TLSv1.2"); – Sumit Thakur Sep 28 '21 at 14:18
  • Does this answer your question? [How to enable TLS 1.2 in Java 7](https://stackoverflow.com/questions/39157422/how-to-enable-tls-1-2-in-java-7) – dope Sep 28 '21 at 15:06
  • Hey @dope, no, I have tried the approaches given in the above answers but the error is still the same. – Sumit Thakur Sep 28 '21 at 15:20
  • Can you share the output of java -version command? – dope Sep 28 '21 at 15:34
  • My machine java is set to java --version Picked up JAVA_TOOL_OPTIONS: -Dhttps.protocols=TLSv1.2 openjdk 11.0.10 2021-01-19 LTS OpenJDK Runtime Environment Corretto-11.0.10.9.1 (build 11.0.10+9-LTS) OpenJDK 64-Bit Server VM Corretto-11.0.10.9.1 (build 11.0.10+9-LTS, mixed mode) , but I am running above from intellij , where I have specifically set build path to Java 1.7 : "/Library/Java/JavaVirtualMachines/jdk1.7.0_80.jdk/Contents/Home/bin/java "-javaagent:/Applications/IntelliJ IDEA.app/Contents/lib/idea_rt.jar=65059:/Applications/IntelliJ IDEA.app/Contents/bin" – Sumit Thakur Sep 29 '21 at 14:26
  • I have identified the issue, but a solution is yet to be found. `this.protocolVersion = ProtocolVersion.DEFAULT` is getting set to `TLS10` in SSLSocketImpl.class; I need to know how to override this value, as it is kind of hardcoded in the constructor. – Sumit Thakur Sep 29 '21 at 14:31
  • You can try building the http client like this - https://www.baeldung.com/apache-httpclient-tls – dope Sep 29 '21 at 18:42
  • Also, could you share the full SSL debug logs? use -Djavax.net.debug=all (or just ssl) – dope Sep 29 '21 at 18:44
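Added example (editor's code, not from the question or its comments): a small Java 7 compatible program that builds the same TLSv1.2 `SSLContext` and `SSLConnectionSocketFactory` as the question, but first reports what the running JVM's JSSE provider actually supports and then enables an explicit, ordered cipher suite list instead of passing `null`. Two points from the trace above motivate it: the "Ignoring unavailable cipher suite" lines for every AES-256 suite mean this JVM is running with the default (limited) JCE policy, and the ClientHello offers only CBC, 3DES and RC4 suites with no AEAD/GCM entry, because SunJSSE added GCM suites in Java 8; a server that only accepts GCM suites will not complete a TLSv1.2 handshake with this client no matter which protocol is enabled. The program makes both facts visible at startup. Assumptions: `PREFERRED_SUITES` is an illustrative allowlist, not a recommendation for any particular server; `SSLConnectionSocketFactory.getDefaultHostnameVerifier()` (httpclient 4.4+) replaces the deprecated `BROWSER_COMPATIBLE_HOSTNAME_VERIFIER`; and the `https.protocols` property tried in the comments is read only by `HttpsURLConnection`, not by Apache HttpClient, so it has no effect on this client.

```java
import java.security.KeyManagementException;
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;

import javax.net.ssl.SSLContext;

import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;

public class Tls12Check {

    // Illustrative allowlist, strongest first (assumed for this example only).
    // On Java 7 the GCM entries will be reported as unavailable; on Java 8+ they are usable.
    static final String[] PREFERRED_SUITES = {
        "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA256",
    };

    /** Keeps only the wanted suites that this JVM's provider can negotiate, preserving order. */
    static String[] availableSuites(SSLContext ctx, String[] wanted) {
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites());
        List<String> usable = new ArrayList<String>();
        for (String suite : wanted) {
            if (supported.contains(suite)) {
                usable.add(suite);
            } else {
                System.err.println("not available in this JVM: " + suite);
            }
        }
        return usable.toArray(new String[usable.size()]);
    }

    static CloseableHttpClient buildClient() throws NoSuchAlgorithmException, KeyManagementException {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        // null managers = the JVM's default key and trust stores (cacerts); no trust-all manager
        ctx.init(null, null, null);

        // What the provider enables by default vs. what it can do at all
        System.out.println("default protocols:   " + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));
        System.out.println("supported protocols: " + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));

        String[] suites = availableSuites(ctx, PREFERRED_SUITES);
        if (suites.length == 0) {
            throw new IllegalStateException("none of the preferred cipher suites is available in this JVM");
        }
        System.out.println("offering: " + Arrays.toString(suites));

        SSLConnectionSocketFactory sf = new SSLConnectionSocketFactory(
                ctx,
                new String[] {"TLSv1.2"},   // protocols enabled on every socket this factory creates
                suites,                      // cipher suites enabled on every socket, in this order
                SSLConnectionSocketFactory.getDefaultHostnameVerifier()); // standard hostname matching
        return HttpClients.custom().setSSLSocketFactory(sf).build();
    }

    public static void main(String[] args) throws Exception {
        CloseableHttpClient client = buildClient();
        client.close();
    }
}
```

Run it once under the 1.7.0_80 JVM and once under 1.8 with `-Djavax.net.debug=ssl` and compare the "offering" line with the cipher suite list the server accepts; the difference between the two runs, rather than the enabled protocol, is the first thing to check when the same code handshakes on 1.8 and receives close_notify on 1.7.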
