Java 1.8 and tomcat 6.0.53 Caused by: java.io.EOFException: SSL peer shut down incorrectly

Question

java -cp catalina.jar org.apache.catalina.util.ServerInfo
Server version: Apache Tomcat/6.0.53
Server built:   Apr 19 2017 22:34:06 UTC
Server number:  6.0.53.0
OS Name:        Linux
OS Version:     4.1.7-15.23.amzn1.x86_64
Architecture:   amd64
JVM Version:    1.8.0_171-b10
JVM Vendor:     Oracle Corporation

When i run the same code in Stand alone java code, i get responses whereas when i run in web app i am getting this error.

Java 1.8 and tomcat 6.0.53 Caused by: java.io.EOFException: SSL peer shut down incorrectly

Code:

HttpClient httpclient = HttpClientBuilder.create().build();
//        HttpClient httpclient = buildInfoPayHttpClient();
//        if (httpclient == null) {
//            return null;
//        }
        try {
            StringBuilder sb = new StringBuilder();
            sb.append(FlintoUtils.getPayUFetchUrl());

            List<NameValuePair> postParameters =  new ArrayList<NameValuePair>();
            postParameters.add(new BasicNameValuePair("key", FlintoUtils.getPayuMerchantKey()));
            postParameters.add(new BasicNameValuePair("command", "verify_payment"));
            postParameters.add(new BasicNameValuePair("hash", hash));
            postParameters.add(new BasicNameValuePair("var1", orderId.toString()));

            HttpPost httppost = new HttpPost(sb.toString());
            httppost.setEntity(new UrlEncodedFormEntity(postParameters));

            HttpResponse response = httpclient.execute(httppost);

            _log.warn(orderId.toString() + " Url:"+FlintoUtils.getPayUFetchUrl() + " Response: " + response.toString());

            // Get hold of the response entity
            HttpEntity outputEntity = response.getEntity();

            // If the response does not enclose an entity, there is no need
            // to worry about connection release
            if (outputEntity != null) {
                try {
                    String output = EntityUtils.toString(outputEntity);
                    _log.warn("output for order:" +orderId + "  is:" +output);
                    JSONObject jsonObject = new JSONObject(output);
                    return jsonObject;

                } catch (Exception ex) {
                    _log.error("Exception in fetchPayuStatus: " , ex);
                    throw ex;

                } 
            }
        } catch (Exception e) {
           _log.error("Exception in fetchPayuStatus: " , e);
        } 
        return null;

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:963)
            at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1342)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1369)
            at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1353)
            at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:275)
            at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:254)
            at org.apache.http.impl.conn.HttpClientConnectionOperator.connect(HttpClientConnectionOperator.java:123)
            at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:318)
            at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:363)
            at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:219)
            at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:195)
            at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:86)
            at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:108)
            at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:106)
            at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:57)
            at com.flinto.core.admin.WebClientUtility.fetchPayuStatus(WebClientUtility.java:377)
            at com.flinto.web.controller.CreateOrderAdminController.updateOrderPaymentStatus(CreateOrderAdminController.java:849)
            at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
            at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
            at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
            at java.lang.reflect.Method.invoke(Method.java:606)
            at org.springframework.web.method.support.InvocableHandlerMethod.invoke(InvocableHandlerMethod.java:219)
            at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:132)
            at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:100)
            at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:604)
            at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:565)
            at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:80)
            at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:923)
            at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:852)
            at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:882)
            at org.springframework.web.servlet.FrameworkServlet.doGet(FrameworkServlet.java:778)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:617)
            at javax.servlet.http.HttpServlet.service(HttpServlet.java:723)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:290)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.flinto.web.utils.WebCommon.urlRedirectByAccessRole(WebCommon.java:402)
            at com.flinto.web.filter.UrlRedirectionFilter.doFilter(UrlRedirectionFilter.java:37)
            at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
            at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:322)
            at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:116)
            at org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:83)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:113)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.session.SessionManagementFilter.doFilter(SessionManagementFilter.java:103)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:113)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:54)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.savedrequest.RequestCacheAwareFilter.doFilter(RequestCacheAwareFilter.java:45)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:182)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.access.channel.ChannelProcessingFilter.doFilter(ChannelProcessingFilter.java:144)
            at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:334)
            at org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:184)
            at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:155)
            at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
            at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
            at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at com.flinto.web.filter.ApexDomainRedirectFilter.doFilter(ApexDomainRedirectFilter.java:37)
            at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
            at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
            at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:235)
            at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:206)
            at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:233)
            at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:191)
            at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:127)
            at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:103)
            at org.apache.catalina.valves.RemoteIpValve.invoke(RemoteIpValve.java:652)
            at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:109)
            at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:293)
            at org.apache.coyote.http11.Http11NioProcessor.process(Http11NioProcessor.java:883)
            at org.apache.coyote.http11.Http11NioProtocol$Http11ConnectionHandler.process(Http11NioProtocol.java:756)
            at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.run(NioEndpoint.java:2391)
            at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1152)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:622)
            at java.lang.Thread.run(Thread.java:748)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
            at sun.security.ssl.InputRecord.read(InputRecord.java:482)
            at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:944)
            ... 92 more

Answer 1

you have to add below line to solve handshake error

System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

You can find related article here and here

Answer 2

Finally i was able to solve with a help of a friend. We were able to debug and point the problem with SSL Debug enabled -Djavax.net.debug=ssl which would gives all debug logs related to SSL.

The problem was tomcat was referring to older version of java 1.8. The newer version of Java 1.8 had more supportable Cipher Suites when compared to older version of Cipher Suites.

The server was expecting much more stronger cipher suites (PCI Standard update from TLS1.0 to TLS1.2) I was fortunate to understand the underlying process

1. When we invoke the API Client says hello to server by providing the Security protocol and Cipher suites. *** ClientHello, TLSv1.2

2. Client - Server Handshake happens

3. Server sends Hello to Client

   Extension extended_master_secret Extension server_name, server_name: [type=host_name (0), value=*****] http-443-exec-5, WRITE: TLSv1.2 Handshake, length = 206 http-443-exec-5, READ: TLSv1.2 Handshake, length = 93 *** ServerHello, TLSv1.2

4. Verify the certificates using the cipher suites

5. Allow the api call to server
6. write the response to client

SSL - Still an unsolved mystery to me and loveable topic to work always. SSL puts hands into the brain :-)