SSL Connection to Remote Server Fails After JDK Upgrade to JDK 7 Update 181 or Later (Doc ID 2448170.1)

Last updated on JULY 24, 2023

Applies to:

Symptoms

Application running on Weblogic server makes a HttpsUrlConnection to a remote SSL enabled server. It is working properly with JDK 1.7.0_151. After upgrade to JDK 7 Update 181 (JDK 1.7.0_181) or later, the connection breaks due to SSL handshake error. With -Djavax.net.debug=all JVM option in place, the following debugging level message during SSL handshake is captured:

*** ClientHello, TLSv1.2

RandomCookie: GMT: 1519765242 bytes = { 212, 168, 42, 219, 0, 118, 33, 227, 84, 205, 185, 134, 169, 65, 62, 167, 141, 57, 63, 0, 63, 121, 37, 52, 164, 163, 219, 27 }

Session ID: {}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods: { 0 }

Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA

Extension extended_master_secret

Extension server_name, server_name: [host_name: host1.example.com]

***

[write] MD5 and SHA1 hashes: len = 230

0000: 01 00 00 E2 03 03 5B 96 C7 FA D4 A8 2A DB 00 76 ......[.....*..v

...

....

main, WRITE: TLSv1.2 Handshake, length = 230

[Raw write]: length = 235

0000: 16 03 03 00 E6 01 00 00 E2 03 03 5B 96 C7 FA D4 ...........[....

0010: A8 2A DB 00 76 21 E3 54 CD B9 86 A9 41 3E A7 8D .*..v!.T....A>..

0020: 39 3F 00 3F 79 25 34 A4 A3 DB 1B 00 00 56 C0 24 9?.?y%4......V.$

....

....

main, received EOFException: error

main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

main, SEND TLSv1.2 ALERT: fatal, description = handshake_failure

main, WRITE: TLSv1.2 Alert, length = 2

[Raw write]: length = 7

0000: 15 03 03 00 02 02 28 ......(

main, called closeSocket()

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.