Receiving Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Question

I am getting javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake exception when I try to do Https get of a web service

Caused by: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:946)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394)
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353)
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:141)
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353)
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380)
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:71)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:220)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:164)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:139)
    at com.cl.fwk.services.http.impl.WebServiceImpl.get(WebServiceImpl.java:241)
    ... 28 more
Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(InputRecord.java:482)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
    ... 46 more

My Configuration for HTTP Connector:

   Connector connector = new Connector(Http11NioProtocol.class.getName());
   Http11NioProtocol protocol = (Http11NioProtocol) 
   connector.getProtocolHandler();
   protocol.setKeystoreFile("./Tests/Properties/keystore_local.ks");
   protocol.setKeystorePass("changeit");
   protocol.setSSLEnabled(true);
   protocol.setSslProtocol("TLS"); // TLSv1
   protocol.setClientAuth("true");
   protocol.setMaxThreads(200);
   protocol.setSecure(true);
   connector.setPort(443);
   protocol.setConnectionTimeout(30000);
   tomcat.getService().addConnector(connector);

In any case, is there anything I can do to my code to get around this problem? Here is the error in full:

main, WRITE: TLSv1 Handshake, length = 48
main, received EOFException: error
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA]
main, SEND TLSv1 ALERT:  fatal, description = handshake_failure
main, WRITE: TLSv1 Alert, length = 32
main, called closeSocket()

Answer 1

That is a problem of security protocol. you are using TLSv1 but the host accept only TLSv1.1 and TLSv1.2 then you have to change the protocol in Java with the instruction below:

protocol.setProperty("https.protocols", "TLSv1.1");

Answer 2

Try changing protocol.setSslProtocol("TLS") to "TLSv1.1" or "TLSv1.2"

Answer 3

There are two things you can do : url you are trying to access may not have a CA certified certificate so ask for certificate or you can import certificate in cacerts(java runtime) and then try to access or else second : you can disable truststore(trust all certificate ) which obviously not at all recommended from security point of view.

You can refer here