We tested version 9.10 ,JDK 1.8, send message by TN use TLS 1.2 protocol, send failure, according to Alert Fatal: handshake failure;
When using TLS 1.0 protocol, can correct to send and receive messages. Who know where is wrong?
please note that TLS v1.1 and TLS v1.2 are only available when using JSSE for inbound or outbound connections.
When JSSE is not used only TLS v1.0 will be available.
This is due to the fact that the properties watt.net.ssl.client.handshake.minVersion=tls and watt.net.ssl.client.handshake.maxVersion=tls will both using TLS v1.0. The underlying Entrust library is not yet aware of the newer TLS v1.1.and TLS v1.2 protocol version.
Delete all settings similar to iaik, or reported the following error. Why to enable iaik?
Delivery service for 5972sa00bf6ora5m0000000q failed with a status of fail and status message of ERROR iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure
SSL logs:
INFO | jvm 5 | 2017/05/03 17:09:22 | Allow unsafe renegotiation: false
INFO | jvm 5 | 2017/05/03 17:09:22 | Allow legacy hello messages: true
INFO | jvm 5 | 2017/05/03 17:09:22 | Is initial handshake: true
INFO | jvm 5 | 2017/05/03 17:09:22 | Is secure renegotiation: false
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-Acceptor-0, setSoTimeout(60000) called
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, received EOFException: error
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, WRITE: TLSv1.2 Alert, length = 2
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, called closeSocket()
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, called close()
INFO | jvm 5 | 2017/05/03 17:09:22 | http-bio-8074-exec-23, called closeInternal(true)