Java HttpsURLConnectionImpl.getOutputStream() error: java.net.SocketException: recv() failed, errno = 104 Connection reset by peer

We have a Java 8 solution (as a Java application on Oracle Database) that communicates with an external webservice using HttpsURLConnection. The solution had been working on two different servers (production and development) for a few months until a few days ago. Now, the production server can't communicate with the external service. Both servers are in the same intranet. There is already an SSL exemption in the firewall, regardless of which machine the request is coming from.

URL url = new URL(xxxxxxx);

connection = (HttpsURLConnection) url.openConnection();

SSLContext sslContext = SSLContext.getInstance("TLSv1.2"); 
sslContext.init(null, null, new SecureRandom());

connection.setSSLSocketFactory(sslContext.getSocketFactory());

connection.setRequestProperty("Content-Type", "text/xml; charset=utf-8");
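// Count the bytes in the same charset the writer below uses (UTF-8), not the platform default
connection.setRequestProperty("Content-Length", String.valueOf(request.getBytes(StandardCharsets.UTF_8).length));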
connection.setRequestProperty("SOAPAction", soapAction);
connection.setRequestProperty("Connection", "close");
connection.setRequestMethod("POST");
connection.setDoOutput(true);
connection.setDoInput(true);

OutputStreamWriter writer = new OutputStreamWriter(connection.getOutputStream(), StandardCharsets.UTF_8); // the error occurs here

I got the SSL debug log. The problem occurs in the Change Cipher Spec phase, but I must say I understand almost nothing of it. Could someone shed some light on that?

That's the working environment log.

...
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 217, 14, 157, 243, 65, 202, 61, 131, 199, 202, 209, 89, 23, 67, 182, 75, 113, 161, 61, 10, 86, 145, 124, 81, 92, 147, 172, 0, 234, 110, 211, 117, 243, 31, 39, 60, 78, 225, 53, 128, 21, 53, 245, 29, 73, 184, 203, 229, 94, 107, 176, 100, 193, 236, 81, 81, 100, 73, 121, 213, 0, 100, 136, 97 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 52 80 DB 21 7F 02 F9 97   F6 B6 03 3B E1 82 D5 DD  R..!.......;....
0010: C3 14 4E CF 1C 67 9C D3   2E F8 90 68 49 20 67 79  ..N..g.....hI gy
CONNECTION KEYGEN:
Client Nonce:
0000: 62 7C 58 D4 5C 63 E7 2B   60 B3 E1 6E 7C 0B C1 54  b.X.\c.+`..n...T
0010: C2 E4 30 64 3D 83 29 C4   F4 08 52 3D 3E D1 E6 7E  ..0d=.)...R=>...
Server Nonce:
0000: 62 7C 58 DE E8 9F C7 D7   78 E9 E1 A1 9A BB 0C CF  b.X.....x.......
0010: 5B AC FE 77 C9 CE C1 C6   84 FE 6E F6 57 AC 34 BB  [..w......n.W.4.
Master Secret:
0000: 1A 27 55 2E 87 04 70 B7   41 C0 72 5B BD A4 D2 F3  .'U...p.A.r[....
0010: F2 60 A3 D5 EF DA 96 CB   94 54 4C 4F ED 96 20 36  .`.......TLO.. 6
0020: 68 92 95 C3 1C B2 B2 92   6D 3A 10 07 60 7D 22 A4  h.......m:..`.".
Client MAC write Secret:
0000: 30 B4 D1 71 D0 22 74 45   6D DF A8 C7 89 0E 35 1C  0..q."tEm.....5.
0010: CB A7 99 1B                                        ....
Server MAC write Secret:
0000: 4E B5 28 BB 9E 39 B4 12   05 78 0A 2E A4 B4 9C EE  N.(..9...x......
0010: 19 77 69 B4                                        .wi.
Client write key:
0000: B0 E2 CB 73 89 6E 58 27   90 2E CC 89 DC B4 92 5E  ...s.nX'.......^
Server write key:
0000: 43 41 5F B0 92 60 A6 65   B2 34 20 BD E1 F4 E6 C1  CA_..`.e.4 .....
... no IV derived for this protocol
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 33, 77, 106, 114, 234, 141, 87, 61, 138, 130, 163, 1 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Handshake, length = 64
Root Thread, READ: TLSv1.2 Change Cipher Spec, length = 1
update handshake state: change_cipher_spec
upcoming handshake states: server finished[20]
Root Thread, READ: TLSv1.2 Handshake, length = 64
check handshake state: finished[20]
update handshake state: finished[20]
*** Finished
verify_data:  { 74, 213, 97, 198, 226, 229, 180, 241, 70, 212, 251, 190 }
***
%% Cached client session: [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
Root Thread, WRITE: TLSv1.2 Application Data, length = 336
Root Thread, WRITE: TLSv1.2 Application Data, length = 320
Root Thread, READ: TLSv1.2 Application Data, length = 672
Root Thread, called close()
Root Thread, called closeInternal(true)
Root Thread, SEND TLSv1.2 ALERT:  warning, description = close_notify
Root Thread, WRITE: TLSv1.2 Alert, length = 48
Root Thread, called closeSocket(selfInitiated)

That's the problematic environment log.

...
*** ServerHelloDone
*** ECDHClientKeyExchange
ECDH Public value:  { 4, 167, 136, 232, 159, 206, 2, 176, 177, 130, 114, 135, 176, 244, 10, 219, 33, 174, 107, 7, 121, 24, 137, 60, 125, 19, 175, 116, 70, 228, 228, 51, 189, 107, 118, 11, 107, 51, 239, 93, 125, 84, 39, 57, 183, 138, 223, 193, 119, 44, 253, 80, 219, 40, 15, 85, 100, 33, 190, 128, 255, 97, 89, 87, 143 }
update handshake state: client_key_exchange[16]
upcoming handshake states: certificate_verify[15](optional)
upcoming handshake states: client change_cipher_spec[-1]
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Handshake, length = 70
SESSION KEYGEN:
PreMaster Secret:
0000: 2C 0E 5A CC 70 67 1E DA   EF 24 BD AF 78 1F D4 F1  ,.Z.pg...$..x...
0010: 37 6E 9E F0 4C C7 D2 81   12 96 56 58 21 51 CB F0  7n..L.....VX!Q..
CONNECTION KEYGEN:
Client Nonce:
0000: 62 7C 59 01 99 E7 5C D2   7C 8C 0B 69 D9 1C E0 F3  b.Y...\....i....
0010: FB 2F 2A F6 8A 39 14 3D   A3 97 52 E4 5B 2A 76 4B  ./*..9.=..R.[*vK
Server Nonce:
0000: 62 7C 59 0C F4 E6 DC 2A   44 AD 18 90 D3 4F 63 7E  b.Y....*D....Oc.
0010: 66 23 5A 67 93 89 6B 1F   C0 C3 63 23 AF 37 C6 6C  f#Zg..k...c#.7.l
Master Secret:
0000: 3E 86 A5 62 26 98 0F D5   3C DC E8 43 EB 2A 24 DD  >..b&...<..C.*$.
0010: AE 97 62 B2 5F 35 32 B8   39 CB D2 D9 2F C2 C5 6E  ..b._52.9.../..n
0020: 8B 9E A4 13 AC FC 23 F7   A6 7C D0 45 75 C1 84 C1  ......#....Eu...
Client MAC write Secret:
0000: B5 7B 5D 9F 19 75 DF 3B   10 8B 4F 05 1A 34 A3 72  ..]..u.;..O..4.r
0010: B8 C8 DD 5B                                        ...[
Server MAC write Secret:
0000: C6 73 28 BB 6D BB F0 94   BE B0 F5 94 0F D8 7C DD  .s(.m...........
0010: AF CD 13 C5                                        ....
Client write key:
0000: AA B2 68 16 8F 83 AB 36   23 3C 32 32 F5 07 3C 71  ..h....6#<22..<q
Server write key:
0000: C7 D3 CB 45 83 7C C6 43   EB F2 8D 9A FF ED 8D 3C  ...E...C.......<
... no IV derived for this protocol
update handshake state: change_cipher_spec
upcoming handshake states: client finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 220, 126, 103, 72, 101, 75, 126, 187, 118, 206, 38, 5 }
***
update handshake state: finished[20]
upcoming handshake states: server change_cipher_spec[-1]
upcoming handshake states: server finished[20]
Root Thread, WRITE: TLSv1.2 Handshake, length = 64
Root Thread, handling exception: java.net.SocketException: recv() failed, errno = 104
Connection reset by peer
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-2, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA]
Root Thread, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
Root Thread, WRITE: TLSv1.2 Alert, length = 48
Root Thread, Exception sending alert: java.net.SocketException: send failed
Broken pipe
Root Thread, called closeSocket()
Root Thread, called close()
Root Thread, called closeInternal(true)
Exception in thread "Root Thread" java.net.SocketException: recv() failed, errno = 104
Connection reset by peer
    at java.net.SocketInputStream.socketRead0(Native Method)
    at java.net.SocketInputStream.read(SocketInputStream.java)
    at java.net.SocketInputStream.read(SocketInputStream.java)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java)
    at sun.security.ssl.InputRecord.read(InputRecord.java)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1325)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1352)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java)
    at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:559)
    at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
    at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1158)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:264)
    at oracle.apps.bra.dofcon.MarinItOracleService2.getResponse(MarinItOracleService2:86)
    at oracle.apps.bra.dofcon.MarinItOracleService2.testLogin(MarinItOracleService2:200)

Before ***ServerHelloDone, the logs are pretty much the same. There are changes in some hexadecimal values, but they don't seem to be related to the problem.
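
Added example, not part of the original post: a Python script that reduces two `javax.net.debug` logs to their record-level events and reports the first point where they differ. The sample input is trimmed from the two logs quoted above; the function names are this example's own.

```python
import re
from itertools import zip_longest

# Line shapes taken from the javax.net.debug output quoted in the post.
RECORD = re.compile(r", (READ|WRITE): TLSv[\d.]+ (.+?), length = (\d+)")
EXCEPTION = re.compile(r", handling exception: ([\w.$]+)")
SENT_ALERT = re.compile(r", SEND \S+ ALERT:\s+(\w+), description = (\w+)")

def events(log):
    """Reduce a JSSE debug log to an ordered list of comparable events."""
    out = []
    for line in log.splitlines():
        if m := RECORD.search(line):
            out.append((m.group(1), m.group(2), int(m.group(3))))
        elif m := EXCEPTION.search(line):
            out.append(("EXCEPTION", m.group(1), 0))
        elif m := SENT_ALERT.search(line):
            out.append(("SENT_ALERT", m.group(2), 0))
    return out

def first_divergence(good_log, bad_log):
    """Return (index, good_event, bad_event) at the first mismatch, or None."""
    for i, (g, b) in enumerate(zip_longest(events(good_log), events(bad_log))):
        if g != b:
            return i, g, b
    return None

def describe(divergence):
    """Say what the failing side saw in place of the expected record."""
    if divergence is None:
        return "no divergence"
    _, expected, got = divergence
    want = f"{expected[0]} {expected[1]}" if expected else "end of log"
    kind = "socket error, not a TLS record" if got and got[0] == "EXCEPTION" else "different record"
    return f"expected {want}, got {got[1] if got else 'end of log'} ({kind})"

# Trimmed from the working and problematic logs quoted in the post.
GOOD = """Root Thread, WRITE: TLSv1.2 Handshake, length = 70
Root Thread, WRITE: TLSv1.2 Change Cipher Spec, length = 1
Root Thread, WRITE: TLSv1.2 Handshake, length = 64
Root Thread, READ: TLSv1.2 Change Cipher Spec, length = 1
Root Thread, READ: TLSv1.2 Handshake, length = 64"""
BAD = """Root Thread, WRITE: TLSv1.2 Handshake, length = 70
Root Thread, WRITE: TLSv1.2 Change Cipher Spec, length = 1
Root Thread, WRITE: TLSv1.2 Handshake, length = 64
Root Thread, handling exception: java.net.SocketException: recv() failed, errno = 104
Root Thread, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message"""
if __name__ == "__main__":
    print(describe(first_divergence(GOOD, BAD)))
```

On these excerpts the client's three writes match record for record, and the mismatch is at the first read: the working side receives the server's Change Cipher Spec, while the failing side gets a `SocketException` from the socket and never reads a TLS record from the peer.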



Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow
