SSL stopped working after upgrading to 5.1

193 views

Skip to first unread message

Mike G

unread,

Oct 2, 2020, 2:40:15 PM10/2/20

to CommandBox

I was on Commandbox 5.0.XXX (not sure exact version) and had SSL working for the past month or so without issue. I followed a guide on https://zeropointdevelopment.com/how-to-get-https-working-in-windows-10-localhost-dev-environment/ to get the SSL certs setup.

Today I decided to upgrade Box to the latest version and then started the server and am having issues with SSL working now.

CommandBox Version: 5.1.1+00191

* CFML Engine: Lucee

* CFML Version: 5.3.6.61 stable (Gelert)

* Java Version: 1.8.0_261 (Oracle Corporation)

* JLine Terminal org.jline.terminal.impl.jansi.win.JansiWinSysTerminal

* Runwar Version 4.1.2 (C:\Users\******\Utilities\CommandBox\lib\runwar-4.1.2.jar)

My server.json file is setup like this, and has been working.

"SSL":{

"enable":true,

"port":443,

"certFile":"../config/ssl/research.local.crt",

"keyFile":"../config/ssl/research.local.key"

...

If I turn off SSL the site loads fine, but if I turn it on I get the follow error on startup and the site doesn't load over https. I went through the guide again and re-generated my SSL certificates just in case something happened there, but it didn't help.

[TRACE] org.xnio.listener: Invoking listener Delegating channel listener -> Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@2ce60024 on channel TCP server (NIO) <69e48bdc>

[TRACE] org.xnio.listener: Invoking listener Accepting listener for io.undertow.server.protocol.http.HttpOpenListener@2ce60024 on channel io.undertow.protocols.ssl.UndertowAcceptingSslChannel@3cf5097f

[TRACE] org.xnio.listener: Invoking listener io.undertow.server.protocol.http.HttpOpenListener@2ce60024 on channel io.undertow.protocols.ssl.UndertowSslConnection@7b2ae56b

[TRACE] io.undertow.request: Opened connection with /127.0.0.1:64735

[TRACE] org.xnio.nio.selector: Beginning select on sun.nio.ch.WindowsSelectorImpl@71d28e1b (with timeout)

[TRACE] org.xnio.nio.selector: Selected on sun.nio.ch.WindowsSelectorImpl@71d28e1b

[TRACE] org.xnio.nio: Running task io.undertow.protocols.ssl.SslConduit$5$1@f5c1d28

[TRACE] org.xnio.nio: Running task io.undertow.protocols.ssl.SslConduit$2@2371b015

[TRACE] org.xnio.listener: Invoking listener io.undertow.server.protocol.http.HttpReadListener@5e079b25 on channel org.xnio.conduits.ConduitStreamSourceChannel@79705780

[TRACE] org.xnio.nio.selector: Beginning select on sun.nio.ch.WindowsSelectorImpl@71d28e1b (with timeout)

[TRACE] org.xnio.nio.selector: Selected on sun.nio.ch.WindowsSelectorImpl@71d28e1b

[TRACE] org.xnio.nio.selector: Selected key sun.nio.ch.SelectionKeyImpl@7f156e51 for java.nio.channels.SocketChannel[connected local=/127.0.0.1:443 remote=/127.0.0.1:64735]

[TRACE] org.xnio.listener: Invoking listener io.undertow.server.protocol.http.HttpReadListener@5e079b25 on channel org.xnio.conduits.ConduitStreamSourceChannel@79705780

[TRACE] org.xnio.nio.selector: Beginning select on sun.nio.ch.WindowsSelectorImpl@71d28e1b (with timeout)

[TRACE] org.xnio.nio.selector: Selected on sun.nio.ch.WindowsSelectorImpl@71d28e1b

[TRACE] org.xnio.nio: Running task io.undertow.protocols.ssl.SslConduit$5$1@38755b03

[TRACE] io.undertow.request.io: Exception closing read side of SSL channel

javax.net.ssl.SSLException: closing inbound before receiving peer's close_notify

at sun.security.ssl.Alert.createSSLException(Unknown Source)

at sun.security.ssl.TransportContext.fatal(Unknown Source)

at sun.security.ssl.SSLEngineImpl.closeInbound(Unknown Source)

at io.undertow.protocols.ssl.SNISSLEngine.closeInbound(SNISSLEngine.java:116)

at io.undertow.protocols.ssl.SslConduit.notifyReadClosed(SslConduit.java:612)

at io.undertow.protocols.ssl.SslConduit.closed(SslConduit.java:1020)

at io.undertow.protocols.ssl.SslConduit.close(SslConduit.java:1118)

at io.undertow.protocols.ssl.SslConduit.doUnwrap(SslConduit.java:820)

at io.undertow.protocols.ssl.SslConduit.doHandshake(SslConduit.java:648)

at io.undertow.protocols.ssl.SslConduit.access$900(SslConduit.java:63)

at io.undertow.protocols.ssl.SslConduit$5$1.run(SslConduit.java:1084)

at org.xnio.nio.WorkerThread.safeRun(WorkerThread.java:582)

at org.xnio.nio.WorkerThread.run(WorkerThread.java:466)

[TRACE] org.xnio.listener: Invoking listener io.undertow.server.AbstractServerConnection$CloseSetter@21feb105 on channel io.undertow.protocols.ssl.UndertowSslConnection@7b2ae56b

[TRACE] org.xnio.safe-close: Closing resource org.xnio.nio.NioSocketStreamConnection@62916199

[TRACE] org.xnio.nio: Cancelling key sun.nio.ch.SelectionKeyImpl@7f156e51 of java.nio.channels.SocketChannel[connected local=/127.0.0.1:443 remote=/127.0.0.1:64735] (same thread)

[ERROR] io.undertow.request: Closing SSLConduit after exception on handshake

javax.net.ssl.SSLHandshakeException: Could not generate secret

at sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.t13DeriveKey(Unknown Source)

at sun.security.ssl.ECDHKeyExchange$ECDHEKAKeyDerivation.deriveKey(Unknown Source)

at sun.security.ssl.ServerHello$T13ServerHelloProducer.produce(Unknown Source)

at sun.security.ssl.SSLHandshake.produce(Unknown Source)

at sun.security.ssl.ClientHello$T13ClientHelloConsumer.goServerHello(Unknown Source)

at sun.security.ssl.ClientHello$T13ClientHelloConsumer.consume(Unknown Source)

at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(Unknown Source)

at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(Unknown Source)

at sun.security.ssl.SSLHandshake.consume(Unknown Source)

at sun.security.ssl.HandshakeContext.dispatch(Unknown Source)

at sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(Unknown Source)

at java.security.AccessController.doPrivileged(Native Method)

at sun.security.ssl.SSLEngineImpl$DelegatedTask.run(Unknown Source)

at io.undertow.protocols.ssl.SslConduit$5.run(SslConduit.java:1072)

at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

at java.lang.Thread.run(Unknown Source)

Caused by: java.security.InvalidKeyException: Invalid key

at com.rsa.cryptoj.o.mc.a(Unknown Source)

at com.rsa.cryptoj.o.mc.engineInit(Unknown Source)

at javax.crypto.Mac.init(Mac.java:413)

at sun.security.ssl.HKDF.extract(Unknown Source)

Earlier in the start output I see the SSL being setup and appears to be correct. Removed some info with ***.

[INFO ] Runwar: Enabling SSL protocol on port 443

[DEBUG] Runwar: disabling com.sun.net.ssl.enableECC

[DEBUG] Runwar: Creating SSL context from cert: [C:\Users\***\config\ssl\research.local.crt] key: [C:\Users\***\config\ssl\research.local.key]

[DEBUG] Runwar: Using default store passphrase of 'password'

[TRACE] org.xnio.safe-close: Closing resource java.io.FileInputStream@42f93a98

[TRACE] org.xnio.safe-close: Closing resource java.io.DataInputStream@c46bcd4

[TRACE] org.xnio.safe-close: Closing resource java.io.FileInputStream@3234e239

[TRACE] org.xnio.safe-close: Closing resource java.io.DataInputStream@3d921e20

[DEBUG] Runwar: One certificate, no chain:

[DEBUG] Runwar: X.509 certificate, public key [ RSA ] C=US,ST=New York,L=***,O=***,OU=RIS,CN=research.local,E=***

[DEBUG] Runwar: Adding key to store - alias:[serverkey] type:[RSA PKCS#8] passphrase:[********] certs in chain:[1]

[DEBUG] Runwar: UsingTSL

[DEBUG] Runwar: host:research.local

[DEBUG] Runwar: Creating SNI SSL context for hosts: [research.local]

Any ideas on what might have happened? Not sure how else to test this, or what's causing the issue. Thanks.

Mike G

unread,

Oct 13, 2020, 4:20:04 PM10/13/20

to CommandBox, Mike G

I finally figured out the reason. I was using an external JRE. Shown above:

1.8.0_261 (Oracle Corporation)

It was upgraded right before SSL broke. It appears Commandbox isn't fully compatible with that. I tried downgrading commandbox (without JRE) all the way to 4.6 and it still didn't work. I finally tried the latest version with the JRE included and it worked again! Lesson learned. Just stick with the built in JRE.

Reply all

Reply to author

Forward

0 new messages