RestEasy client with SSL/TLS receives SSLHandshakeException/handshake_failure

Solution Verified - Updated -

Issue

  • RestEasy client is not sending the SNI (service Name Indication) extension to a SSL/TLS endpoint.
  • A RestEasy client is failing to establish SSL/TLS communication with the following exception:

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
            at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
            at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
            at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
            at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
            at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
            at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
            at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
            at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
            at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
    

Environment

  • Red Hat JBoss Enterprise Application Platform (EAP)
    • 6.4
    • 7
  • Java Development Kit (JDK)
    • Sun/Oracle 8
    • OpenJDK 8
  • RestEasy client accessing an HTTS endpoint with required SNI extension.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In
Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.