Remote host closed connection during handshake

[awilkins]

This seems to be caused by my server being configured to only use the most secure available SSL implementation (TLSv1.2)

Not sure which bit of the code to attack, anyone with expertise in Apache Commons HttpClient would be welcome to try...

---

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:965)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1344)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:721)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:82)
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:140)
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565)
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116)
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.eclipse.mylyn.commons.net.WebUtil$2.execute(WebUtil.java:334)
    at org.eclipse.mylyn.commons.net.WebUtil$2.execute(WebUtil.java:1)
    at org.eclipse.mylyn.internal.commons.net.MonitoredRequest.call(MonitoredRequest.java:51)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    ... 19 more

[awilkins]

Ok, this seems to be linked to the Java support for TLSv1.2 being disabled by default on my platform (Ubuntu 14.04.3 / OpenJDK7)

See : https://bugs.launchpad.net/ubuntu/+source/openjdk-7/+bug/1314113

• There's no way to enable this globally via a system property in OpenJDK 7 (the "https.protocols" property only governs sockets created by the URL class, which Apache HttpClient doesn't use AFAICT).
• The way to fix this for HttpClient seems to be to override the default protocol handler for https with a custom socket factory, thus : http://stackoverflow.com/questions/32587141/how-to-force-commons-httpclient-3-1-to-use-tls-1-2-only-for-https

The easiest way forward seems to be using JDK 8 or above.