Java Security

Why is the SSL handshake failure error message not getting captured in the log file?

user4459349, Nov 9 2023

We are using Oracle JDK version "1.8.0_381" and our application is using default TLS provided. OS for customer setup: Linux | 3.10.0-1160.88.1.0.2.el7.x86_64.

The problem is that the customer is unable to connect a load balancer (called a redirect server) with our product DPA application server; it fails to establish a connection using cipher "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256" during the handshake. Our product is deployed on top of JBOSS server, and we use standalone.xml to provide the list of supported cipher suites. The order of ciphers is as follows: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384".

Kindly confirm if the order for adding ciphers is accurate.

We collected a tcpdump of the customer setup. We found it is failing during SSL handshake (err code 40). We tried to debug this issue using SSL handshake logs, but we couldn't see any failure message captured in the log files. Also, the logs are very unusual.

Kindly respond why the failure message is not getting included in SSL handshake debug logs.
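
One way to check the cipher list quoted in the post against the JVM that runs the server, as an added example (not code from the poster or from Oracle): it classifies each configured suite by whether the running JDK's default SSLContext supports and enables it. The class name `CipherSuiteCheck` is hypothetical, and the result is only meaningful when run with the same `java` binary and security configuration as the application server.

```java
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import javax.net.ssl.SSLContext;

public class CipherSuiteCheck {   // hypothetical class name
    // Cipher list in the order quoted in the post above.
    static final String CONFIGURED =
          "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
        + "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,"
        + "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256,TLS_DHE_RSA_WITH_AES_256_CBC_SHA256,"
        + "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256,TLS_DHE_RSA_WITH_AES_256_GCM_SHA384";

    // Classify each configured suite against what this JVM's default SSLContext offers.
    static Map<String, String> classify(String csv) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        Map<String, String> result = new LinkedHashMap<>(); // keeps the configured order
        for (String raw : csv.split(",")) {
            String suite = raw.trim();
            if (suite.isEmpty()) continue;   // tolerate stray commas in the config value
            String status;
            if (enabled.contains(suite)) status = "enabled by default";
            else if (supported.contains(suite)) status = "supported, not enabled by default";
            else status = "NOT supported by this JVM";
            result.put(suite, status);
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Pass a different comma-separated list as the first argument to override.
        String csv = args.length > 0 ? args[0] : CONFIGURED;
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("jdk.tls.disabledAlgorithms = "
            + Security.getProperty("jdk.tls.disabledAlgorithms"));
        int pos = 1;
        for (Map.Entry<String, String> e : classify(csv).entrySet()) {
            System.out.printf("%d. %-42s %s%n", pos++, e.getKey(), e.getValue());
        }
    }
}
```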
