java.lang.IllegalArgumentException: SSLv2Hello

JBoss Issue Tracker | Martin Malina | 8 years ago
  1. 0

    Some tests in the testsuite are failing due to IBM JDK not supporting the SSLv2Hello protocol: 15:10:46,727 ERROR [AbstractKernelController] Error installing to Start: name=jboss:service=invoker,socketType=SSLSocketFactory,type=jrmp,wantsClientAuth=true state=Create mode=Manual requiredState=Installed java.lang.IllegalArgumentException: SSLv2Hello at com.ibm.jsse2.mb.a(mb.java:24) at com.ibm.jsse2.lb.<init>(lb.java:41) at com.ibm.jsse2.hc.setEnabledProtocols(hc.java:57) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:267) at org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:226) at org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:120) at sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:638) at sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:272) at sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:219) at sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:398) ... This problem was previously reported as JBPAPP-626 but never fixed. I'm creating a new JIRA since it now affects more testcases. These testcases fail: org.jboss.test.jrmp.test.CustomSocketsUnitTestCase org.jboss.test.jrmp.test.SSLFailuresSocketsUnitTestCase org.jboss.test.jrmp.test.SSLSocketsUnitTestCase org.jboss.test.pooled.test.SSLSocketsUnitTestCase We can still leave it as it is - meaning documenting these failures as known issues with IBM JDK. I just wanted to make sure we know about it.

    JBoss Issue Tracker | 8 years ago | Martin Malina
    java.lang.IllegalArgumentException: SSLv2Hello
  2. 0

    When enabling server encryption with the IBM JRE (algorithm: IbmX509), an IllegalArgumentException is thrown from the IBM JSSE when the server is started: ERROR 10:04:37,326 Exception encountered during startup java.lang.IllegalArgumentException: SSLv2Hello at com.ibm.jsse2.qb.a(qb.java:50) at com.ibm.jsse2.pb.a(pb.java:101) at com.ibm.jsse2.pb.<init>(pb.java:77) at com.ibm.jsse2.oc.setEnabledProtocols(oc.java:77) at org.apache.cassandra.security.SSLFactory.getServerSocket(SSLFactory.java:64) at org.apache.cassandra.net.MessagingService.getServerSockets(MessagingService.java:425) at org.apache.cassandra.net.MessagingService.listen(MessagingService.java:409) at org.apache.cassandra.service.StorageService.prepareToJoin(StorageService.java:693) at org.apache.cassandra.service.StorageService.initServer(StorageService.java:623) at org.apache.cassandra.service.StorageService.initServer(StorageService.java:515) at org.apache.cassandra.service.CassandraDaemon.setup(CassandraDaemon.java:437) at org.apache.cassandra.service.CassandraDaemon.activate(CassandraDaemon.java:567) at org.apache.cassandra.service.CassandraDaemon.main(CassandraDaemon.java:656) The problem is that the IBM JSSE does not support SSLv2Hello, but this protocol is hard-coded in class org.apache.cassandra.security.SSLFactory: public static final String[] ACCEPTED_PROTOCOLS = new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"}; public static SSLServerSocket getServerSocket(EncryptionOptions options, InetAddress address, int port) throws IOException { SSLContext ctx = createSSLContext(options, true); SSLServerSocket serverSocket = (SSLServerSocket)ctx.getServerSocketFactory().createServerSocket(); serverSocket.setReuseAddress(true); String[] suits = filterCipherSuites(serverSocket.getSupportedCipherSuites(), options.cipher_suites); serverSocket.setEnabledCipherSuites(suits); serverSocket.setNeedClientAuth(options.require_client_auth); serverSocket.setEnabledProtocols(ACCEPTED_PROTOCOLS); serverSocket.bind(new InetSocketAddress(address, port), 500); return serverSocket; } This ACCEPTED_PROTOCOLS array should not be hard-coded. It should rather read the protocols from configuration, or if the algorithm is IbmX509, simply do not call setEnabledProtocols - with the IBM JSSE, the enabled protocol is controlled by the protocol passed to SSLContext.getInstance.

    Apache's JIRA Issue Tracker | 9 months ago | Guillermo Vega-Toro
    java.lang.IllegalArgumentException: SSLv2Hello
  3. 0

    db:: 3.95::535 5.7.3 Authentication unsuccessful 91

    hivmr.com | 8 months ago
    java.lang.IllegalArgumentException: SSLv2Hello
  4. Speed up your debug routine!

    Automated exception search integrated into your IDE

  5. 0

    SSL issue

    Oracle Community | 4 months ago | Enzo B
    java.lang.IllegalArgumentException: SSLv2Hello
  6. 0

    Artur Nowak's headdump

    anowak.net | 3 months ago
    java.sql.SQLException: The Network Adapter could not establish the connection

    Not finding the right solution?
    Take a tour to get the most out of Samebug.

    Tired of useless tips?

    Automated exception search integrated into your IDE

    Root Cause Analysis

    1. java.lang.IllegalArgumentException

      SSLv2Hello

      at com.ibm.jsse2.mb.a()
    2. com.ibm.jsse2
      hc.setEnabledProtocols
      1. com.ibm.jsse2.mb.a(mb.java:24)
      2. com.ibm.jsse2.lb.<init>(lb.java:41)
      3. com.ibm.jsse2.hc.setEnabledProtocols(hc.java:57)
      3 frames
    3. JBoss Application Server Security
      RMISSLServerSocketFactory.createServerSocket
      1. org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:267)
      2. org.jboss.security.ssl.DomainServerSocketFactory.createServerSocket(DomainServerSocketFactory.java:226)
      3. org.jboss.security.ssl.RMISSLServerSocketFactory.createServerSocket(RMISSLServerSocketFactory.java:120)
      3 frames
    4. Java RT
      TCPEndpoint.exportObject
      1. sun.rmi.transport.tcp.TCPEndpoint.newServerSocket(TCPEndpoint.java:638)
      2. sun.rmi.transport.tcp.TCPTransport.listen(TCPTransport.java:272)
      3. sun.rmi.transport.tcp.TCPTransport.exportObject(TCPTransport.java:219)
      4. sun.rmi.transport.tcp.TCPEndpoint.exportObject(TCPEndpoint.java:398)
      4 frames