RE: [ebxmlms-general] RE: SSLHandshakeException (SSL PROBLEM)

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hi Robert,

I'm getting a similar error (javax.net.ssl.SSLHandshakeException: Remote
host closed connection during handshake) at random occassions (some
connections get through), when connecting to Tibco Business Connect in =
our
partners test environment. Oddly enough, in production, where our =
partner
uses an external clustered HTTPS web server, the connections appear to =
work
fine.

The thing is, the problem is replicable outside of Hermes... i.e. I used =
a
simple HTTPS client (consisting of just a few lines of code) which uses =
the
socket method of connecting, and I still got the same error I'm getting =
with
Hermes ... and this was duplicated no matter the version of Java I was
using, be it 1.4.2_01 or 1.4.2_08 or 1.5! I figured this was a problem =
to do
with Tibco's internal SSL handler which wasn't behaving correctly and
requested our partner try to see what's going on with Tibco.

We use Hermes 0.9.3.1 and Java 1.4.2, I examined Http.java - most if it
appears to be commented out? Perhaps it's changed between versions.

I've attached the source code I was using for the simple HTTPS client, =
see
if you can connect to your partners Cyclone using it.=20

import java.net.*;
import java.io.*;
import java.security.*;
import javax.net.ssl.*;

public class HTTPSClient {

  public static void main(String[] args) {

    int port =3D 6707;
    String host =3D "HOST_URL";

    try {

     Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
      SSLSocketFactory factory
       =3D (SSLSocketFactory) SSLSocketFactory.getDefault();

      SSLSocket socket =3D (SSLSocket) factory.createSocket(host, port);

      Writer out =3D new OutputStreamWriter(socket.getOutputStream());
      // https requires the full URL in the GET line
      out.write("GET http://" + host + "/ HTTP/1.1\r\n");
      out.write("\r\n");
      out.flush();

      // read response
      BufferedReader in =3D new BufferedReader(
       new InputStreamReader(socket.getInputStream()));
      int c;
      while ((c =3D in.read()) !=3D -1) {
        System.out.write(c);
      }

      out.close();
      in.close();
      socket.close();

    }
    catch (Exception e) {
      System.out.println(e);
    }

  }

}

-----Original Message-----
From: ebx...@li...
[mailto:ebx...@li...] On Behalf Of Robert =
A.
Stockfleth
Sent: Wednesday, 3 August 2005 8:05 AM
To: ebx...@li...
Subject: [ebxmlms-general] RE: SSLHandshakeException (SSL PROBLEM)

A few weeks ago I figured out where my SSL Handshake problem is coming =
from.
=20
It seems that by default Hermes uses the HttpsURLConnection class to =
connect
(when you're accessing a HTTPS URL).
=20
I rewrote the SSL connection portion of Http.java to use the Socket =
class
instead of the HttpsURLConnection class.  When I connected using the =
exact
same keystore - the handshaking process worked properly.
=20
It seems like something inside the HttpsURLConnection class was not
compatible with the Cyclone server, my private key or both.
=20
Anyone have any ideas (that don't involve hacking the source apart)??
=20
PS Any chance future versions of Hermes will undergo Drummond's "EBXML"
certification.  Many large companies will not allow outside vendors to
connect, unless they are using an officially EBXML certified =
application.
=20

The information contained in this email and any attachments to it:
=20
(a) may be confidential and if you are not the intended recipient, any =
interference with,=20
use, disclosure or copying of this material is unauthorised and =
prohibited; and
=20
(b) may contain personal information of the recipient and/or the sender =
as defined
 under the Privacy Act 1988 (Cth). Consent is hereby given by the =
recipient(s) to=20
collect, hold and use such information and any personal information =
contained in a=20
response to this email, for any reasonable purpose in the ordinary =
course of=20
Ross Human Directions Limited  business (including all of it=92s =
subsidiaries), including=20
forwarding this email internally or disclosing it to a third party.=20
All personal information collected by Ross Human Directions Limited will =
be handled in=20
accordance with Ross Human Directions Limited Privacy Policy. If you =
have received this=20
email in error, please notify the sender and delete it.=20

(c) you agree not to employ or arrange employment for any candidate(s) =
supplied in=20
this email and any attachments without first entering into a contractual =
agreement with=20
Ross Human Directions Limited. You further agree not to divulge any =
information contained=20
in this document to any person(s) or entities without the express =
permission of=20
Ross Human Directions Limited.=20