I have a Tomcat 7 server which runs some servlet I need to access via post from another Tomcat 7 server.

The connection is a SSL connection for security reasons, and I use this code to connect:

import java.io.FileInputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;
import org.apache.http.HttpEntity;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.config.Registry;
import org.apache.http.config.RegistryBuilder;
import org.apache.http.conn.HttpClientConnectionManager;
import org.apache.http.conn.socket.ConnectionSocketFactory;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.conn.BasicHttpClientConnectionManager;
import org.apache.http.util.EntityUtils;

public class SslPostClient {
    public static void main(String[] args) throws Exception {
        /* Load the keyStore that includes self-signed cert as a "trusted" entry. */
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new FileInputStream("myjks.jks"), "123456".toCharArray());
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(keyStore);
        /* Context limited to TLSv1; no key manager because the server has clientAuth="false". */
        SSLContext ctx = SSLContext.getInstance("TLSv1");
        ctx.init(null, tmf.getTrustManagers(), null);
        SSLSocketFactory sslFactory = ctx.getSocketFactory(); // unused; HttpClient takes ctx directly below

        HttpClientBuilder builder = HttpClientBuilder.create();
        /* ALLOW_ALL_HOSTNAME_VERIFIER skips matching the certificate subject against the host name;
           the certificate chain is still validated against the trust store loaded above. */
        SSLConnectionSocketFactory sslConnectionFactory =
            new SSLConnectionSocketFactory(ctx,
                SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);
        builder.setSSLSocketFactory(sslConnectionFactory);

        Registry<ConnectionSocketFactory> registry =
            RegistryBuilder.<ConnectionSocketFactory>create()
                .register("https", sslConnectionFactory)
                .build();

        HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);

        builder.setConnectionManager(ccm);
        CloseableHttpClient client = builder.build();

        HttpPost post = new HttpPost("https://myurl.com:9999/post");

        /* post has parameters - omitted */

        HttpResponse response = client.execute(post);
        HttpEntity entity = response.getEntity();
        String responseString = EntityUtils.toString(entity, "UTF-8");
        int httpCode = response.getStatusLine().getStatusCode();
        System.out.println(responseString);
        System.out.println(httpCode);
        client.close();
    }
}

There is a problem: every time I try to connect I get

Received fatal alert: handshake_failure

Now, the weird thing is that the exact same code run from a plain Java application just works and outputs

<response data>
200

The code on the server runs on Apache Tomcat 7.0.42 with Java 6, and the Java application runs on Java 6.

This is how the Tomcat-SSL server connector is configured:

<Connector port="${tomcat.ssl.port}" protocol="HTTP/1.1"
                    enableLookups="false"
                    SSLEnabled="true" scheme="https" sslProtocol="TLS" secure="true" clientAuth="false"
                    keystoreFile="${catalina.base}/conf/certstore/server.jks"
                    keystorePass="123456"
                    truststoreFile="${catalina.base}/conf/certstore/ca.jks"
                    truststorePass="123456"
                    URIEncoding="UTF-8"
                    ciphers="SSL_RSA_WITH_RC4_128_MD5,
                            SSL_RSA_WITH_RC4_128_SHA,
                            TLS_RSA_WITH_AES_128_CBC_SHA,
                            TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
                            TLS_DHE_DSS_WITH_AES_128_CBC_SHA,
                            SSL_RSA_WITH_3DES_EDE_CBC_SHA,
                            SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,
                            SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
                            TLS_RSA_WITH_AES_256_CBC_SHA,
                            TLS_DHE_RSA_WITH_AES_256_CBC_SHA,
                            TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
                    />

These are the supported ciphers:

SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_DSS_WITH_AES_128_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_EXPORT_WITH_RC4_40_MD5
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA
TLS_EMPTY_RENEGOTIATION_INFO_SCSV

Why does the tomcat-to-tomcat connection give these problems? What should I do in order to make this code work?

1 Answer

Maybe because the JVM used by Tomcat is different from the JVM you use to execute this command manually. Newer Java versions are more strict regarding SSL connections. Some protocols are not allowed in newer versions, which can throw this error.

  • Tomcat and Java versions were the same; both machines had Tomcat 7 with Java 6u45.
    – BackSlash
    Commented Oct 14, 2016 at 17:09
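A way to test the answer's hypothesis against the connector configuration in the question instead of guessing (this is an added example, not code from the asker, the answerer or Tomcat): run the class below once from the command line and once inside the calling Tomcat, for instance from a servlet that writes the string returned by report(). It builds the same "TLSv1" SSLContext the question's client uses, lists what that JVM would offer in the client role, and intersects the offered cipher suites with the connector's ciphers list copied from the question. No network connection is opened. The class name and the names SERVER_CIPHERS, commonSuites and report are chosen here and are not part of any library. If the two runs print different JVM versions or different protocol lists, the answer's explanation applies; if the intersection is empty, the server has no suite it can pick and will answer exactly with a handshake_failure alert.

```java
import java.util.Arrays;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsCapabilityCheck {

    /* Cipher suites from the connector's ciphers="..." attribute in the question,
       in the server's order of preference. */
    static final String[] SERVER_CIPHERS = {
        "SSL_RSA_WITH_RC4_128_MD5",
        "SSL_RSA_WITH_RC4_128_SHA",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_128_CBC_SHA",
        "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
        "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
        "TLS_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_DHE_DSS_WITH_AES_256_CBC_SHA"
    };

    /* Suites the client would offer that the server is also configured to accept,
       kept in the server's preference order. */
    static Set<String> commonSuites(String[] clientEnabled, String[] serverConfigured) {
        Set<String> common = new LinkedHashSet<String>(Arrays.asList(serverConfigured));
        common.retainAll(Arrays.asList(clientEnabled));
        return common;
    }

    /* Builds a client-side engine from a context of the given type ("TLSv1" in the
       question) and reports what this JVM would put in its ClientHello. */
    static String report(String contextProtocol) throws Exception {
        SSLContext ctx = SSLContext.getInstance(contextProtocol);
        ctx.init(null, null, null); // default managers; offered suites do not depend on them
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true); // same role as HttpClient in the question

        String[] enabledSuites = engine.getEnabledCipherSuites();
        Set<String> common = commonSuites(enabledSuites, SERVER_CIPHERS);

        StringBuilder sb = new StringBuilder();
        sb.append("JVM: ").append(System.getProperty("java.vendor")).append(' ')
          .append(System.getProperty("java.version")).append('\n');
        sb.append("Enabled protocols: ")
          .append(Arrays.toString(engine.getEnabledProtocols())).append('\n');
        sb.append("Enabled cipher suites: ").append(enabledSuites.length).append('\n');
        sb.append("Suites in common with the server connector: ").append(common).append('\n');
        if (common.isEmpty()) {
            sb.append("=> no common suite: the server can only reply with handshake_failure\n");
        }
        /* The AES-256 suites are enabled only when the unlimited-strength JCE policy
           files are installed in the JVM; their absence is a frequent reason for a
           smaller intersection on one of the two machines. */
        for (String s : SERVER_CIPHERS) {
            if (s.contains("AES_256") && !common.contains(s)) {
                sb.append("note: ").append(s).append(" is not offered by this JVM\n");
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        System.out.print(report(args.length > 0 ? args[0] : "TLSv1"));
    }
}
```

Compare the "Enabled protocols" lines of the two runs as well as the suite intersection: a context that only enables protocols the connector's sslProtocol="TLS" setting does not accept fails at the same point in the handshake as a missing cipher suite, and the server reports both as handshake_failure.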
