"java.io.EOFException: null" when connecting host with TLS v 1.2 enabled

[Kumar Kaliappan]

Hi team,

My Springboot rest application(jdk 17 and jpos 2.0.0) is deployed in GKE and trying to connect the host(which is TLS v 1.2 protocol enabled) via Postchannel and send message.

I don't get any error while connecting the host and sending the message. When receiving the message, I get the below error.

java.io.EOFException: null

But the same is working when using Java Secure Socket connection without any certificates.

Please suggest me how to connect, send and receive using jpos.

Regards,

Kumar

[Mark Salter]

Please provide the detail needed to help us help you.

How is your PostChannel configured?

Is a good place to start.  If you have no SSL cofiguratiinnonnit, the check the Programmers Guide as what to add to your configuration.

--
Mark

-- 
Mark

-------- Original Message --------

--
--
jPOS is licensed under AGPL - free for community usage for your open-source project. Licenses are also available for commercial usage. Please support jPOS, contact: sa...@jpos.org
---
You received this message because you are subscribed to the Google Groups "jPOS Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jpos-users+...@googlegroups.com.
To view this discussion visit https://groups.google.com/d/msgid/jpos-users/660160f1-1018-45c1-a2a0-9276d446c80en%40googlegroups.com.

[Kumar Kaliappan]

Hi team,

I have no configurations for PostChannel. Below is the code to create Channel and send the message.

final BaseChannel channel;
final ISOMsg isoRequest = new ISOMsg();
logger.info("Building channel");
channel = new PostChannel(host, port, jposPackager);
channel.setTimeout(timeout);
                channel.connect();
                channel.send(isoRequest);

I checked the chapter "5.2 SSL Channels". I dont get any clear idea how to implement it. 

Any sample code base repo or sample proram available for reference?

Regards,

Kumar

[chhil]

jPOS is designed to work flawlessly when it is using deploy files and q2. Even if you use spring there is no need to instantiate classes directly.

You may want to search on this google group how people use it.

You really do not want to have a prod system that does a channel.connect channel.send and. channel.receive. Its only good for basic testing.

From the programmer's guide https://jpos.org/doc/proguide-draft.pdf section 5.2

<channel-adaptor name='sslclient'
class="org.jpos.q2.iso.ChannelAdaptor" logger="Q2">
<channel class="org.jpos.iso.channel.NACChannel" logger="Q2"
packager="org.jpos.iso.packager.ISO87BPackager">
<property name="host" value="127.0.0.1" />
<property name="port" value="10000" />
<property name="timeout" value="360000" />
<property name="socketFactory" value="org.jpos.iso.GenericSSLSocketFactory" />
</channel>
<in>sslsend</in>
<out>sslreceive</out>
<reconnect-delay>10000</reconnect-delay>
</channel-adaptor>

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/b6edfbcd-9463-4bcb-aedd-f4270c25d80cn%40googlegroups.com.

[csr]

Hi Team, 

I am trying to establish a TLS connection with a TLS-enabled host. I followed Section 5.2 of the JPOS Programmer’s Guide, using GenericSSLSocketFactory.
However, I encounter the error message: "Unable to connect."
When I test the same endpoint using the command:

openssl s_client -connect 127.0.0.1:9000 -cert client.crt -key client.key -CAfile ca.crt

the TLS handshake completes successfully, and the connection is established.

Could you please advise what might be wrong with my JPOS client configuration?

I am attaching the Source Code snippet and output

[Mark Salter]

Please always start a new thread instead of tacking a question on the end of an existing one.

Who or what is providing the Server you are connecting to on your local machine?

--
Mark

-- 
Mark

-------- Original Message --------

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/597ca818-23dd-4df0-9bd4-024cb33d0823n%40googlegroups.com.

[Mark Salter]

P.s.  Does the  openssl command work if you use localhost instead of 127.0.0.1?

-- 
Mark

-------- Original Message --------
On 10/06/2025 06:29, csr wrote:

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/597ca818-23dd-4df0-9bd4-024cb33d0823n%40googlegroups.com.

[Mapfunde Venon]

try something below 

public ISOMsg sendToSwitch(ISOMsg isoMsg) throws Exception {

try {

Logger logger = new Logger();

logger.addListener(new SimpleLogListener(System.out));

NACChannel channel = new NACChannel(serverIp, Integer.parseInt(String.valueOf(serverPort)), new YourPackager(), null);

GenericSSLSocketFactory socketFactory = new GenericSSLSocketFactory();

channel.setSocketFactory(socketFactory);

channel.setConfiguration(clientConfiguration());

((LogSource) channel).setLogger(logger, "xml-server-express");

channel.connect();

log.info("########################### Connected on channel, Ready to send.........");

channel.send(isoMsg);

var response = channel.receive();

response.dump(System.out, "");

return response;

} catch (IOException | ISOException ex) {

if (ex instanceof SocketException) {

throw new BusinessValidationException("Issuer unavailable", true);

}

log.info("########################### Failing to connect: {}", ex.getMessage());

throw new Exception(ex.getMessage());

}

}

private Configuration clientConfiguration() {

Properties props = new Properties();

props.put("keystore", "/opt/cfg/cert.jks");

props.put("storepassword", "your_password");

props.put("keypassword", "your_password");

props.put("timeout", "60000");

props.put("connect-timeout", "60000");

return new SimpleConfiguration(props);

}

Venon Mapfunde(PMP,Msc Software Engineering,Bsc Computer Science & Mathematics)
Tel:+263 775 091 262
Email:taka...@gmail.com
Skype: venon.mapfunde

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/NdmP-0yRELnoUVGU8GwiyhRjGglwiSyucnCFEcDbCr_88oO5Y8L902pcnM7MLJfTHpXkuJogikSv8S85h_sB0mCiYXlpGEUd3ewodVK85vk%3D%40pm.me.

[csr]

HI Mark,

openssl command works with both localhost and 127.0.0.1

The Server application is test SSL server written by me using javax.net.ssl.SSLServerSocketFactory

[csr]

Thanks Venon.

Let me check on this.

[Mark Salter]

I was highlighting thingsni. The client that did not match in the openssl command that might cause the issue. 🙂

So you know the server is listening and available.

What in you Clinet runtimenis blocking it.  Where is the client running precisly, what is localhost from it's  perspective.

Can I suggest you stick with me just for now, the code shared to help is adding more variables, where I think there is a very simple problem to solve.

-- 
Mark

-------- Original Message --------

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/a0cc3b01-83bd-4f69-8123-627ae8c8fac4n%40googlegroups.com.

[chhil]

Share the logs with the ssl debugging that you enabled via properties.

-chhil

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/K7HwcbTP10fJ8tw3J-qSvPgf2AfnjfIvrMeKwifX92B0dgzR0bl5WkR8bubT50wom08f2YTmC6zV584OewGTbUwoEtwbk4BgBQsgv3_Pk_k%3D%40pm.me.

[Mark Salter]

The client is not able to hit the server's socket just yet.

I am hoping the OP shares *where* the Client is running - not directly on  localhost is my bet.

-- 
Mark

-------- Original Message --------

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/CAPazefALP-qnk9hCNRd4P5gWGwPLVnMxPn5ymES-wQcGzgqf_Q%40mail.gmail.com.

[csr]

Both Client and Server both are running on localhost.

regards

Satya

[Andrés Alcarraz]

Please, share the logs, as Chill asked, otherwise it will be difficult to know what's wrong. The stack trace will point to the exact thing that failed and help us, and you find out where to look in the code.

Andrés Alcarraz

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/d8e5d06b-75c8-4167-b457-03f86aebd55dn%40googlegroups.com.

[csr]

Hi Andres,

We are not seeing many logs on the console. We try to enable SSL handshake debug using (-Djavax.net.debug=ssl,handshake).

Here are the console logs that we are seeing at Server and Client. Hope it gives you some information.

Server Console Log

Client Console Log - No debug statements print at the server side. Looks like unable to connect to server but NetConnection result shows successful.

Net Connection Result

when Try using openssl command to connect server -- SSL handshake successful

server side at last we see

[Andrés Alcarraz]

Then start by configuring the log in jpos, and please, don't share text as screenshots.

----
Enviado desde mi móvil, disculpas por la brevedad.

Sent from my cellphone, I apologize for the brevity.

Andrés Alcarraz.

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/132c07ed-5c49-41b6-9b63-4593679ce74an%40googlegroups.com.

[csr]

 I found that when I disabled the setting socketfactory to the Channel it is able to connect to the server and received response,  but the connection is plain TCP connection not SSL. So looks like it is something to do the GenericSSLSocketFactory class?

[csr]

sorry haven't seen your msg, next time I won't share the text as screenshot.

[Mark Salter]

That client 'clear' channel code is using port 8443 and the server is listening on 9000.

Please carefully check the ports in play on both sides when you have SSL on the Client side

-- 
Mark

-------- Original Message --------

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/0d823a2b-8a5c-48e3-befa-4ada85364a31n%40googlegroups.com.

[csr]

Hi Mark,

We changed the port to 8443 from 9000. I double checked the ports correct.

After enabling the JPos logs at client side, we are seeing this error message.

Not sure why it is looking for .keystore file?

C:\projects\BCEL\jpos-vpa-ssl-client\bin>java -Djavax.net.debug=ssl,handshake JPOSSSLClient
<log realm="iso-server" at="2025-06-11T14:06:14.389317900" lifespan="12ms">
  <connect>
    Try 0 localhost:8443
      java.io.FileNotFoundException: C:\Users\satya.ch\.keystore (The system cannot find the file specified)
    Unable to connect
  </connect>
</log>
Exception in thread "main" java.io.IOException: Unable to connect
        at org.jpos.iso.BaseChannel.newSocket(BaseChannel.java:348)
        at org.jpos.iso.BaseChannel.connect(BaseChannel.java:416)
        at JPOSSSLClient.main(JPOSSSLClient.java:42)

In Client Application we set something like this.

       System.setProperty("javax.net.ssl.keyStore", "C:\\projects\\BCEL\\jpos-vpa-ssl-client\\client.p12");
        System.setProperty("javax.net.ssl.keyStorePassword", "changeit");
        System.setProperty("javax.net.ssl.keyStoreType", "PKCS12");

       System.setProperty("javax.net.ssl.trustStore", "C:\\projects\\BCEL\\jpos-vpa-ssl-client\\client-truststore.p12");
       System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
       System.setProperty("javax.net.ssl.trustStoreType", "PKCS12");

 VAPChannel channel = new VAPChannel("localhost", 8443, new GenericPackager("base1.xml"));
        channel.setLogger (logger, "iso-server");
        channel.setSocketFactory(new GenericSSLSocketFactory());
        channel.connect();

[Mark Salter]

Why is it still using port 8443.

Time to stop and very carefully check what you are doing.

Start a new thread *if* you need help once you have checked everything and pose a smart question.

-- 
Mark

-------- Original Message --------

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/426b8cb3-853f-44fb-9eac-a167405cc1d6n%40googlegroups.com.

[chhil]

Are your system properties being intialized before the jpos call? Probably not and its using the default home directory to find the key store.

Try the commandline argument way

java ^
 -Djavax.net.ssl.keyStore="C:\projects\BCEL\jpos-vpa-ssl-client\client.p12" ^
 -Djavax.net.ssl.keyStorePassword="changeit" ^
 -Djavax.net.ssl.keyStoreType="PKCS12" ^
 -Djavax.net.ssl.trustStore="C:\projects\BCEL\jpos-vpa-ssl-client\client-truststore.p12" ^
 -Djavax.net.ssl.trustStorePassword="changeit" ^
 -Djavax.net.ssl.trustStoreType="PKCS12" ^
 -Djavax.net.debug=ssl,handshake ^
 JPOSSSLClient

-chhil

To view this discussion visit https://groups.google.com/d/msgid/jpos-users/jJ2XJ4udWlUFw5zPNHMmKEG6qn50CEapyVadY44IMekWlN6O-KP9oUTZGgMzRte63AE_jqGBRoKu16Pmhuvi4juGMUHVDOprYvsZPmrTAaU%3D%40pm.me.