
SSL connection refused with NEED_WRAP

Current situation. There are 2 nodes on the same internal network (let's call them Bus and Broker). The internal CA has signed a request made 2 weeks ago. This signed certificate has been inserted correctly into the Broker's "keystore" as well as the Bus's "truststore". It has been verified that both nodes' software use the appropriate stores.

When trying to setup a secure connection using JMS (or AMQP) the Bus's output is as follows:

TID: [] [] [2021-06-16 11:47:08,949] ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} -  Exception caught by Mina {org.wso2.andes.transport.network.mina.MinaNetworkHandler}
javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP

The error on the broker side is:

ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} -  Exception caught by Mina but without protocol engine to handle it
java.lang.NullPointerException

Things we've excluded so far:

  • The certificate is valid, as well as its chain (and it is still before the expiry date)
  • The serial numbers of the entries in truststore and keystore match
  • The passwords used on the software to decrypt the entries are correct
  • The actual correct stores are in use (there is another key in the store matching another service which does work)
  • The keystore entry is for the exact right domain (and has 2 alternatives)
  • The duplicates of the certificates were all removed from the truststore

The verification of the certificates using openssl tooling was also done. The MD5 hashes of the CRT/Key/CSR all match.

Any hint/clue is appreciated.

So with the help of support I figured it out. If not explicitly mentioned in the broker configuration for the broker profile, the broker will fall back to TLS 1.0. In Java version 1.8.0_292 TLS 1.0 and 1.1 have been deprecated, resulting in an illegal protocol for communication.

It was solved by adding the following line to the broker config:

<sslEnabledProtocols>TLSv1.2</sslEnabledProtocols>

Add this in the sslConnection tag under broker.xml.
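A small check a practitioner can run over broker.xml before restarting the broker, added here as an example (not from the original answer or from WSO2): it finds every sslConnection element and reports whether sslEnabledProtocols is missing (the TLS 1.0 fallback described above) or lists a protocol older than TLSv1.2. The surrounding element layout and the name attribute in the sample are constructed, not copied from a real broker.xml.

```python
"""Lint sslConnection elements in a broker.xml for missing or weak TLS settings."""
import xml.etree.ElementTree as ET

# JSSE protocol names that are acceptable; anything else is reported as weak.
ACCEPTABLE = {"TLSv1.2", "TLSv1.3"}

# Constructed sample: one connection with the fix from the answer, one without
# the element (falls back to TLS 1.0) and one that still lists TLSv1.
# The layout around sslConnection is assumed, not a real broker.xml.
SAMPLE_BROKER_XML = """<broker>
  <transports>
    <amqp>
      <sslConnection name="fixed">
        <sslEnabledProtocols>TLSv1.2</sslEnabledProtocols>
      </sslConnection>
      <sslConnection name="default">
      </sslConnection>
      <sslConnection name="mixed">
        <sslEnabledProtocols>TLSv1,TLSv1.2</sslEnabledProtocols>
      </sslConnection>
    </amqp>
  </transports>
</broker>"""


def check_ssl_protocols(broker_xml: str) -> dict:
    """Return {connection name: finding} for every sslConnection element."""
    root = ET.fromstring(broker_xml)
    findings = {}
    for idx, conn in enumerate(root.iter("sslConnection")):
        name = conn.get("name", f"sslConnection#{idx}")
        elem = conn.find("sslEnabledProtocols")
        if elem is None or not (elem.text or "").strip():
            # No explicit list: the broker falls back to TLS 1.0, which a
            # JDK with TLSv1/TLSv1.1 disabled will refuse (NEED_WRAP error).
            findings[name] = "missing sslEnabledProtocols: broker falls back to TLSv1"
            continue
        protocols = [p.strip() for p in elem.text.split(",") if p.strip()]
        weak = [p for p in protocols if p not in ACCEPTABLE]
        if weak:
            findings[name] = "weak protocols enabled: " + ", ".join(weak)
        else:
            findings[name] = "ok: " + ", ".join(protocols)
    return findings


if __name__ == "__main__":
    for name, finding in check_ssl_protocols(SAMPLE_BROKER_XML).items():
        print(f"{name}: {finding}")
```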
