I have an app connecting to a service using Axis2-generated sources (WSDL2java client code, XMLbeans, using axis2-1.6.4). It has been working great.
The service I am connecting to is going to stop accepting incoming TLSv1 connections soon, so I need to figure out how to connect using TLSv1.1 or TLSv1.2. My client code is running Java 1.7, and I've confirmed that the necessary support is there by creating a simple test client and running it like this:
    java -Dhttps.protocols=TLSv1.1,TLSv1.2 TestConnect
After finally figuring out how to pass that flag to my (Grails) site, which is the client in this case, it still doesn't seem to be affecting the handshake at all. Meaning, the socket is reset when it tries to connect (unlike my TestConnect app, which connects just fine). Also, when I set "-Djavax.net.debug=ssl:handshake:verbose" I see that v1.0 is still being used in the handshake:
%% No cached client session
*** ClientHello, TLSv1
http-bio-8080-exec-9, WRITE: TLSv1 Handshake, length = 149
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
http-bio-8080-exec-9, handling exception: java.net.SocketException: Connection reset
http-bio-8080-exec-9, SEND TLSv1 ALERT: fatal, description = unexpected_message
http-bio-8080-exec-9, WRITE: TLSv1 Alert, length = 2
http-bio-8080-exec-9, Exception sending alert: java.net.SocketException: Broken pipe
I also finally noticed that -- based on the docs here -- setting https.protocols will only affect connections made through use of the HttpsURLConnection class or via URL.openStream() operations. This makes me suspect Axis2 is doing something else, or hopefully has a different way of enabling this same support.
Can someone point me in the right direction? Or confirm or disprove my thoughts?
Here's the full stacktrace(s):
2016-02-06 13:25:06,942 [http-bio-8080-exec-9] INFO httpclient.HttpMethodDirector - I/O exception (org.apache.axis2.AxisFault) caught when processing request: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
2016-02-06 13:25:06,948 [http-bio-8080-exec-9] DEBUG httpclient.HttpMethodDirector - Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
Message: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
Line | Method
->> 430 | makeFault in org.apache.axis2.AxisFault
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 78 | writeTo in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest . . . . . in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest . . . . . in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute in ''
| 398 | executeWithRetry . . . in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod in ''
| 397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
| 75 | send in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke in ''
| 443 | send . . . . . . . . . in org.apache.axis2.engine.AxisEngine
| 406 | send in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl . . . . . . in ''
| 165 | execute in org.apache.axis2.client.OperationClient
| 1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> . . . . . . . . in com.zuora.zortal.repository.ZuoraRepository
| 40 | login in saaseiportal.unauthorized.LoginController
| 195 | doFilter . . . . . . . in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run . . . . . . . . . . in java.lang.Thread
Caused by WstxIOException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->> 261 | flush in com.ctc.wstx.sw.BaseStreamWriter
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 50 | flush in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 224 | close . . . . . . . . . in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume . . in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest . . . . . in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest . . . . . in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute in ''
| 398 | executeWithRetry . . . in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod in ''
| 397 | executeMethod . . . . . in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost . . . . . . in org.apache.axis2.transport.http.HTTPSender
| 75 | send in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke in ''
| 443 | send . . . . . . . . . in org.apache.axis2.engine.AxisEngine
| 406 | send in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl . . . . . . in ''
| 165 | execute in org.apache.axis2.client.OperationClient
| 1960 | login . . . . . . . . . in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> . . . . . . . . in com.zuora.zortal.repository.ZuoraRepository
| 40 | login in saaseiportal.unauthorized.LoginController
| 195 | doFilter . . . . . . . in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker . . . . . . . in java.util.concurrent.ThreadPoolExecutor
| 615 | run in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run . . . . . . . . . . in java.lang.Thread
Caused by SSLException: Connection has been shutdown: javax.net.ssl.SSLException: java.net.SocketException: Connection reset
->> 82 | flushBuffer in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 224 | close in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 320 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Caused by SSLException: java.net.SocketException: Connection reset
->> 82 | flushBuffer in java.io.BufferedOutputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 232 | flush in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
Caused by SocketException: Connection reset
->> 196 | read in java.net.SocketInputStream
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
| 122 | read in ''
| 82 | flushBuffer . . . . . . in java.io.BufferedOutputStream
| 140 | flush in ''
| 191 | flush . . . . . . . . . in org.apache.commons.httpclient.ChunkedOutputStream
| 103 | flush in com.ctc.wstx.io.UTF8Writer
| 225 | flush . . . . . . . . . in com.ctc.wstx.sw.BufferingXmlWriter
| 259 | flush in com.ctc.wstx.sw.BaseStreamWriter
| 50 | flush . . . . . . . . . in org.apache.axiom.util.stax.wrapper.XMLStreamWriterWrapper
| 232 | flush in org.apache.axiom.om.impl.MTOMXMLStreamWriter
| 318 | ajc$interMethod$org_apache_axiom_om_impl_common_AxiomContainerSupport$org_apache_axiom_om_impl_common_AxiomContainer$serializeAndConsume in org.apache.axiom.om.impl.common.AxiomContainerSupport
| 1 | serializeAndConsume in org.apache.axiom.om.impl.llom.OMElementImpl
| 74 | writeTo . . . . . . . . in org.apache.axis2.transport.http.SOAPMessageFormatter
| 84 | writeRequest in org.apache.axis2.transport.http.AxisRequestEntity
| 499 | writeRequestBody . . . in org.apache.commons.httpclient.methods.EntityEnclosingMethod
| 2114 | writeRequest in org.apache.commons.httpclient.HttpMethodBase
| 1096 | execute . . . . . . . . in ''
| 398 | executeWithRetry in org.apache.commons.httpclient.HttpMethodDirector
| 171 | executeMethod . . . . . in ''
| 397 | executeMethod in org.apache.commons.httpclient.HttpClient
| 621 | executeMethod . . . . . in org.apache.axis2.transport.http.AbstractHTTPSender
| 193 | sendViaPost in org.apache.axis2.transport.http.HTTPSender
| 75 | send . . . . . . . . . in ''
| 396 | writeMessageWithCommons in org.apache.axis2.transport.http.CommonsHTTPTransportSender
| 223 | invoke . . . . . . . . in ''
| 443 | send in org.apache.axis2.engine.AxisEngine
| 406 | send . . . . . . . . . in org.apache.axis2.description.OutInAxisOperationClient
| 229 | executeImpl in ''
| 165 | execute . . . . . . . . in org.apache.axis2.client.OperationClient
| 1960 | login in com.zuora.api.ZuoraServiceStub
| 51 | ___init___ . . . . . . in com.zuora.zortal.util.ZApi$$EPbyIuau
| 48 | <init> in com.zuora.zortal.repository.ZuoraRepository
| 40 | login . . . . . . . . . in saaseiportal.unauthorized.LoginController
| 195 | doFilter in grails.plugin.cache.web.filter.PageFragmentCachingFilter
| 63 | doFilter . . . . . . . in grails.plugin.cache.web.filter.AbstractFilter
| 1145 | runWorker in java.util.concurrent.ThreadPoolExecutor
| 615 | run . . . . . . . . . . in java.util.concurrent.ThreadPoolExecutor$Worker
^ 745 | run in java.lang.Thread
This problem only happens with Java 7, as Java 8 uses TLSv1.2 by default (source).
You need to create an SSLSocketFactory. I have pushed a pull request into the Zuora SDK doing that here:
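    import java.security.GeneralSecurityException;
    import java.security.cert.CertificateException;
    import java.security.cert.X509Certificate;
    import org.apache.http.conn.scheme.Scheme;
    import org.apache.http.conn.scheme.SchemeRegistry;
    import org.apache.http.conn.ssl.SSLSocketFactory;
    import org.apache.http.conn.ssl.TrustStrategy;

    String TLS_VERSION = "TLSv1.2";
    SchemeRegistry registry = new SchemeRegistry();
    SSLSocketFactory socketFactory;
    try {
        if (Boolean.valueOf(((String) ZConfig.getInstance().getVal("ssl.verify.peer")).toLowerCase())) {
            // Peer verification on: default trust store, and the hostname must match the certificate.
            // (ALLOW_ALL_HOSTNAME_VERIFIER here would accept a valid certificate issued for any other host.)
            socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, null,
                    SSLSocketFactory.BROWSER_COMPATIBLE_HOSTNAME_VERIFIER);
        } else {
            // Peer verification off: any certificate and any hostname are accepted.
            socketFactory = new SSLSocketFactory(TLS_VERSION, null, null, null, null, new TrustStrategy() {
                @Override
                public boolean isTrusted(X509Certificate[] arg0, String arg1) throws CertificateException {
                    return true;
                }
            }, SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        }
        // need both http and https
        registry.register(new Scheme("https", 443, socketFactory));
    } catch (GeneralSecurityException e) {
        // The SSLSocketFactory constructor throws key-store and algorithm exceptions.
        throw new IllegalStateException("Could not create " + TLS_VERSION + " socket factory", e);
    }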