Can anyone explain to me how I can fix this problem on Liberty 20.0.0.12?
[ERROR ] CWWKO0801E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 is not enabled or supported in server context
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:880)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:832)
at java.base/sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:810)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:450)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1078)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1065)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1012)
at com.ibm.ws.channel.ssl.internal.SSLUtils.handleHandshake(SSLUtils.java:751)
at [internal classes]
I searched the internet but could not find a solution to fix this problem!
Question 1) Is this exception from the Liberty engine or from my JAX-RS client request?
@Singleton
@TransactionManagement(TransactionManagementType.BEAN)
public class BinanceService {
    @Inject
    private Logger logger;
    @EJB
    private StatisticDAO statisticDAO;
    private Client client;
    private WebTarget target;

    @PostConstruct
    public void init() {
        try {
            SSLContext sc = SSLContext.getDefault();
            SSLParameters sslParameters = sc.getSupportedSSLParameters();
            sslParameters.setProtocols(new String[]{"SSLv1.2", "SSLv3"});
            TrustManager[] trustAllCerts = {new InsecureTrustManager()};
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HostnameVerifier allHostsValid = new InsecureHostnameVerifier();
            client = ClientBuilder.newBuilder().sslContext(sc).hostnameVerifier(allHostsValid).build();
            target = client.target("https://api.binance.com");
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    public List<String> exchangeInfo() {
        List<String> list = new ArrayList<>();
        try {
            Response response = target.path("/api/v3/exchangeInfo")
                    .request(MediaType.APPLICATION_JSON_TYPE)
                    .get();
            JsonObject jsonObject = response.readEntity(JsonObject.class);
            JsonArray symbolsArray = jsonObject.get("symbols").asJsonArray();
            for (JsonValue symbolJson : symbolsArray) {
                String symbol = symbolJson.asJsonObject().getString("symbol");
                String baseAsset = symbolJson.asJsonObject().getString("baseAsset");
                if (baseAsset.endsWith("DOWN") || baseAsset.endsWith("UP")) {
                    continue;
                }
                String finaSymbolName = baseAsset + "/" + symbol.substring(baseAsset.length());
                list.add(finaSymbolName);
            }
        } catch (Exception e) {
            logger.finer("Failed to fetch binance symbols");
        }
        return list;
    }

    public void fetchAndSaveAllSymbols() {
        List<String> list = exchangeInfo();
        logger.info(String.format("fetch and save %d symbols", list.size()));
        statisticDAO.bulkInsert(list);
    }
}
Note: I manually generated the PKCS12:
keytool -genkeypair -alias "cs-key" -keystore "cs.jks" -dname "CN=test.local" -keyalg RSA -storepass "mah123456" -validity 365
keytool -importkeystore -srckeystore cs.jks -srcstorepass "mah123456" -destkeystore key.p12 -deststorepass "mah123456" -deststoretype PKCS12
Question 2: How can I fix this?
Your server's Java SDK likely/smartly blocks the antiquated SSLv3 via jdk.tls.disabledAlgorithms in java.security. Either modernize your SSL client or allow the unsafe SSLv3 in the server in java.security.
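
An added example, not code from the question or the answer: it checks the two things the answer points at, namely whether jdk.tls.disabledAlgorithms lists SSLv3 on the running JDK and which protocols a client SSLContext built with the default trust store enables. It uses only JDK classes; the class name TlsProtocolCheck and its helper methods are hypothetical.

```java
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;

public class TlsProtocolCheck {

    /** True if the JDK's java.security policy lists the protocol as disabled. */
    static boolean disabledByPolicy(String protocol) {
        String prop = Security.getProperty("jdk.tls.disabledAlgorithms");
        if (prop == null) {
            return false;
        }
        return Arrays.stream(prop.split(","))
                .map(String::trim)
                .anyMatch(protocol::equalsIgnoreCase);
    }

    /** Client context using the JDK default key and trust managers, so certificates are validated. */
    static SSLContext modernClientContext() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // null = default KeyManager, TrustManager, SecureRandom
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("jdk.tls.disabledAlgorithms = "
                + Security.getProperty("jdk.tls.disabledAlgorithms"));
        System.out.println("SSLv3 disabled by policy: " + disabledByPolicy("SSLv3"));

        SSLContext ctx = modernClientContext();
        System.out.println("Supported: "
                + Arrays.toString(ctx.getSupportedSSLParameters().getProtocols()));
        System.out.println("Enabled by default: "
                + Arrays.toString(ctx.getDefaultSSLParameters().getProtocols()));

        // Protocol limits only take effect when applied to an engine or socket;
        // get*SSLParameters() returns a copy, so changing that copy alone alters nothing.
        SSLEngine engine = ctx.createSSLEngine("api.binance.com", 443);
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] {"TLSv1.2"}); // standard name is "TLSv1.2"
        engine.setSSLParameters(params);
        System.out.println("Engine will offer: "
                + Arrays.toString(engine.getEnabledProtocols()));
        // With JAX-RS: ClientBuilder.newBuilder().sslContext(ctx).build()
    }
}
```

Run it with the same JDK the Liberty server uses, so the printed policy and protocol lists match what the server applies.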