HTTPS setup failing to create CXF service that responds to connections

Solution Unverified - Updated -

Issue

  • My goal is to get a CXF SOAP service up and running with WS-Security, WS-Policy, and connecting with my SAAJ client over HTTPS.

The CXF SOAP service is configured with the following SSL settings:

<http-jetty:engine-factory bus="cxf">
    <http-jetty:engine port="8043">
        <http-jetty:tlsServerParameters xmlns:sec="http://cxf.apache.org/configuration/security">
            <sec:keyManagers keyPassword="keypass">
                <sec:keyStore type="JKS" password="keypass" resource="keystore/keystore.jks" />
            </sec:keyManagers>                                
            <sec:trustManagers>
                <sec:keyStore type="JKS" password="trustpass" resource="keystore/truststore.jks" />
            </sec:trustManagers>
            <sec:cipherSuitesFilter>
                <sec:include>.*_EXPORT_.*</sec:include>
                <sec:include>.*_EXPORT1024_.*</sec:include>
                <sec:include>.*_WITH_DES_.*</sec:include>
                <sec:include>.*_WITH_NULL_.*</sec:include>
                <sec:exclude>.*_DH_anon_.*</sec:exclude>
            </sec:cipherSuitesFilter>                                
            <sec:clientAuthentication want="false" required="false" />
        </http-jetty:tlsServerParameters>
    </http-jetty:engine>
</http-jetty:engine-factory>

But I am getting an SSL handshake exception:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

After enabling SSL debug logging using system property "-Djavax.net.debug=ssl", I can see further debug logging:

Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
No available cipher suite for SSLv2Hello
No available cipher suite for SSLv3
No available cipher suite for TLSv1
No available cipher suite for TLSv1.1
No available cipher suite for TLSv1.2
qtp9473052-357, fatal error: 80: problem unwrapping net record
javax.net.ssl.SSLHandshakeException: No appropriate protocol
qtp9473052-357, SEND TLSv1 ALERT:  fatal, description = internal_error
qtp9473052-357, WRITE: TLSv1 Alert, length = 2

Any idea what could be the root cause of this issue?

Environment

  • Fuse ESB Enterprise 7.1.0;
  • Red Hat JBoss Fuse 6.x;
  • Oracle JDK 1.7;
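
The following diagnostic is an added example, not part of the original article or of CXF. It lists which cipher suites the include/exclude patterns from the configuration above select on the running JVM, for comparison with the "No available cipher suite" lines in the debug log. The class name and the matching rule (a suite is kept when it matches any include pattern and no exclude pattern) are assumptions.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import javax.net.ssl.SSLContext;

public class CipherFilterCheck {
    // Patterns copied from the <sec:cipherSuitesFilter> element on this page.
    static final String[] INCLUDE = {
        ".*_EXPORT_.*", ".*_EXPORT1024_.*", ".*_WITH_DES_.*", ".*_WITH_NULL_.*"
    };
    static final String[] EXCLUDE = { ".*_DH_anon_.*" };

    // True if the whole suite name matches at least one of the regexes.
    static boolean matchesAny(String suite, String[] patterns) {
        for (String p : patterns) {
            if (Pattern.matches(p, suite)) return true;
        }
        return false;
    }

    // Assumed rule: keep a suite if it matches an include and no exclude.
    static List<String> select(String[] suites) {
        List<String> kept = new ArrayList<String>();
        for (String s : suites) {
            if (matchesAny(s, INCLUDE) && !matchesAny(s, EXCLUDE)) kept.add(s);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Everything the JSSE provider can do vs. what it turns on by default.
        String[] supported = ctx.getSupportedSSLParameters().getCipherSuites();
        Set<String> enabledByDefault = new HashSet<String>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));

        List<String> kept = select(supported);
        System.out.println("Suites selected by the filter: " + kept.size());
        for (String s : kept) {
            System.out.println("  " + s + (enabledByDefault.contains(s)
                ? "  [enabled by default]" : "  [not enabled by default]"));
        }
        if (kept.isEmpty()) {
            System.out.println("Filter selects nothing this JVM supports.");
        }
    }
}
```

Run it with the same JDK that hosts the CXF endpoint, since the supported and default-enabled suite lists differ between JDK versions and updates.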
