TLS handshake Received fatal alert: internal_error

Question

in our company we use java 1.6 and Websphere server which has TLSv1.2

we are trying to call a REST API to get a token which has oauth2.0 authentication

but we are facing below issue

    Security.setProperty("ssl.SocketFactory.provider", "com.ibm.jsse2.SSLSocketFactoryImpl");
    Security.setProperty("ssl.ServerSocketFactory.provider", "com.ibm.jsse2.SSLServerSocketFactoryImpl");
    OAuthClient client = new OAuthClient(new URLConnectionClient());

    OAuthClientRequest request = OAuthClientRequest.tokenLocation(TOKEN_REQUEST_URL).setGrantType(GrantType.CLIENT_CREDENTIALS).setClientId(CLIENT_ID)
                    .setClientSecret(CLIENT_SECRET).buildQueryMessage();
    request.setBody(request.toString());
    String token = client.accessToken(request, OAuth.HttpMethod.POST, OAuthJSONAccessTokenResponse.class).getAccessToken();
    System.out.println(token.toString());

       *** ClientHello, TLSv1.2
    RandomCookie:  GMT: 1679546697 bytes = { 5, 11, 223, 210, 70, 63, 71, 130, 121, 137, 78, 134, 129, 219, 22, 80, 85, 140, 71, 132, 55, 189, 142, 66, 9, 126, 77, 180 }
    Session ID:  {}
    Cipher Suites: [SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RENEGO_PROTECTION_REQUEST]
    Compression Methods:  { 0 }
    Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA256withDSA, SHA1withDSA, MD5withRSA
    ***
    main, WRITE: TLSv1.2 Handshake, length = 103
    main, READ: TLSv1.2 Alert, length = 2
    org.apache.oltu.oauth2.common.exception.OAuthSystemException: javax.net.ssl.SSLException: Received fatal alert: internal_error
        at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:108)
        at org.apache.oltu.oauth2.client.OAuthClient.accessToken(OAuthClient.java:65)
        at com.cmsrest.token.CmsTokenGeneration.main(CmsTokenGeneration.java:115)
    Caused by: javax.net.ssl.SSLException: Received fatal alert: internal_error
        at com.ibm.jsse2.p.a(p.java:25)
        at com.ibm.jsse2.p.a(p.java:23)
        at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:617)
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:28)
        at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:801)main, RECV TLSv1 ALERT:  fatal, internal_error
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLException: Received fatal alert: internal_error
    main, called close()
    main, called closeInternal(true)
    
        at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:303)
        at com.ibm.jsse2.SSLSocketImpl.startHandshake(SSLSocketImpl.java:364)
        at com.ibm.net.ssl.www2.protocol.https.c.afterConnect(c.java:188)
        at com.ibm.net.ssl.www2.protocol.https.d.connect(d.java:3)
        at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1105)
        at com.ibm.net.ssl.www2.protocol.https.b.getOutputStream(b.java:11)
        at org.apache.oltu.oauth2.client.URLConnectionClient.setRequestBody(URLConnectionClient.java:124)
        at org.apache.oltu.oauth2.client.URLConnectionClient.execute(URLConnectionClient.java:91)
        ... 2 more

how can we call oauth2.0 REST API using java 1.6 if above mentioned method doesn't work

Answer 1

I thought this issue indicates a problem with the SSL/TLS handshake between the client and the server. Since you are using Java 1.6, which is an older version of Java, it may not support the required SSL/TLS cipher suites and protocols required by the server, I guess. Another point, have you check if the server certificate is trusted by your Java installation by importing the server certificate into the Java truststore ?