javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

10,128 views
Skip to first unread message

FChapuis

unread,
Feb 24, 2014, 5:59:18 AM2/24/14
to membrane...@googlegroups.com
Hi,

I try to configure Membrane Router to enable clients that do not support SSL to communicate with a SSL secured server.
After some problem with my own SSL server and to avoid Certificate issue, I've try to use Membrane sample include in package (examples/ssl-client).

I have customize the proxies.xml example to add my proxy configuration :


        <router>
                <httpClientConfig>
                        <proxy host="gateway.xxx.yyyy.net" port="80" />
                </httpClientConfig>
                <serviceProxy port="8880">
                        <target host="www.google.de" port="443">
                                <ssl ignoreTimestampCheckFailure="true" />
                        </target>
                </serviceProxy>
        </router>

 
You can see errors log in file attachment, see an extract here :

Extension server_name, server_name: [host_name: gateway.xxxx.yyyyy.net]
***
RouterThread /172.31.170.152:2105, WRITE: TLSv1 Handshake, length = 202
RouterThread /172.31.170.152:2105, received EOFException: error
RouterThread /172.31.170.152:2105, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
RouterThread /172.31.170.152:2105, SEND TLSv1 ALERT:  fatal, description = handshake_failure
RouterThread /172.31.170.152:2105, WRITE: TLSv1 Alert, length = 2
RouterThread /172.31.170.152:2105, called closeSocket()
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
[...]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:352)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:893)
        ... 17 more

In fact this exactly the same error than I do my first test with my own SSL server.

I'm very new to membrane, perhaps I have forget something...
Any help are very appreciate.

Thanks by advance,

Best Regards.



ssl-client_sample_error.txt

Thomas Bayer

unread,
Feb 24, 2014, 10:28:50 AM2/24/14
to membrane...@googlegroups.com
Hi,
can you run it with the -Djavax.net.debug=all option set in the bat or sh file? Then have a look at the log and post it here.

--
Thomas

FChapuis

unread,
Feb 24, 2014, 10:48:35 AM2/24/14
to membrane...@googlegroups.com
Thanks to take time to answer me.
You can see debug log in file attachment with javax.net.debug
runtrace.txt

FChapuis

unread,
Feb 25, 2014, 9:00:09 AM2/25/14
to membrane...@googlegroups.com
Hi,

More news today.
I've try to make a test with a java core batch in the same context (same server, same proxy...) :

public static void main(String[] args) throws Exception {
CloseableHttpClient httpclient = HttpClients.createDefault();
try {
HttpHost target = new HttpHost("www.google.de", 443, "https");
HttpHost proxy = new HttpHost("gateway.xxxx.zzzzz.net", 80, "http");

RequestConfig config = RequestConfig.custom().setProxy(proxy).build();
HttpGet request = new HttpGet("/");
request.setConfig(config);

CloseableHttpResponse response = httpclient.execute(target, request);
try {
System.out.println(response.getStatusLine());
EntityUtils.consume(response.getEntity());
}

--> It's work : HTTP/1.1 200 OK

If I switch "http" by "https" in this line 
HttpHost proxy = new HttpHost("gateway.xxxx.zzzzz.net", 80, "https");
 
I get the same error than with membrane :
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake [...]


--> It's sounds like membrane try to access to my proxy server with HTTPS protocol instead HTTP.

Do you know how can I force membrane to access to my proxy with HTTP protocol ?

Best Regards.

Thomas Bayer

unread,
Feb 27, 2014, 3:12:35 AM2/27/14
to membrane...@googlegroups.com
Hi,
thanks for the log and the description. We are going to reproduce the error and fix it. See the issue at github: https://github.com/membrane/service-proxy/issues/145

thanks,
thomas


https://github.com/membrane/service-proxy/issues/145

Am 25/02/14 15:00, schrieb FChapuis:
--
You received this message because you are subscribed to the Google Groups "membrane-monitor" group.
To unsubscribe from this group and stop receiving emails from it, send an email to membrane-monit...@googlegroups.com.
To post to this group, send email to membrane...@googlegroups.com.
Visit this group at http://groups.google.com/group/membrane-monitor.
For more options, visit https://groups.google.com/groups/opt_out.

FChapuis

unread,
Mar 3, 2014, 8:04:51 AM3/3/14
to membrane...@googlegroups.com
Hi Thomas,

Thanks a lot.
If you need more information to reproduce the issue do not hesitate to ask me.

In the meantime, are you see a workaround to unlock my situation (like a "hard coded" quick fix) ?

Best regards,

Fabrice Chapuis.
Reply all
Reply to author
Forward
0 new messages