Java Client Connection Error: ChangeCipherSpec message sequence violation












5















I have a client server application that has been running fine for awhile now.

Suddenly I am getting the below error when attempting to connect from the client. I see no errors on the server side. The certificates are not expired and I have made no code changes. I do not see any results when searching Google for this error.



javax.net.ssl.SSLProtocolException: ChangeCipherSpec message sequence violation

    at sun.security.ssl.HandshakeStateManager.changeCipherSpec(Unknown Source)

    at sun.security.ssl.Handshaker.receiveChangeCipherSpec(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at java.io.DataInputStream.readUnsignedShort(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at com.jayavon.game.client.cj.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)


Client Code:



//load your key store as a stream and initialize a KeyStore

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());    



//if your store is password protected then declare it (it can be null however)

String tsName = "res/gamedata/truststore";

char trustPassword = "--REMOVED--".toCharArray();



//load the stream to your store

trustStore.load(new FileInputStream(tsName), trustPassword);



//initialize a trust manager factory with the trusted store

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    

trustFactory.init(trustStore);



//get the trust managers from the factory

TrustManager trustManagers = trustFactory.getTrustManagers();



//initialize an ssl context to use these managers and set as default

SSLContext sslContext = SSLContext.getInstance("SSL");

sslContext.init(null, trustManagers, null);

SSLContext.setDefault(sslContext);



//create sslfactory from the ssl context

SSLSocketFactory factory = sslContext.getSocketFactory();



if (isPROD){

    sC = (SSLSocket) factory.createSocket("--REMOVED--", --REMOVED--);

} else {

    sC = (SSLSocket) factory.createSocket("localhost", --REMOVED--);

}



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        logger.info("------HANDSHAKE START------");

        logger.info("Cipher suite: " + arg0.getCipherSuite());



        logger.info("Local Principal: " + arg0.getLocalPrincipal());



        X509Certificate peerCertChain = null;

        try {

            peerCertChain = arg0.getPeerCertificateChain();

        } catch (SSLPeerUnverifiedException e1) {

            logger.error("arg0.getPeerCertificateChain()", e1);

        }

        for (X509Certificate s: peerCertChain){

            logger.info("Local Certificate(SigAlgName): " + s.getSigAlgName());

            logger.info("Local Certificate(SigAlgOID): " + s.getSigAlgOID());

            logger.info("Local Certificate(Version): " + s.getVersion());

            logger.info("Local Certificate(IssuerDN): " + s.getIssuerDN());

            logger.info("Local Certificate(NotAfter): " + s.getNotAfter());

            logger.info("Local Certificate(NotBefore): " + s.getNotBefore());

            logger.info("Local Certificate(PublicKey): " + s.getPublicKey());

            logger.info("Local Certificate(SerialNumber): " + s.getSerialNumber());

            logger.info("Local Certificate(SubjectDN): " + s.getSubjectDN());

        }



        Certificate peerCertificates = null;

        try {

            peerCertificates = arg0.getPeerCertificates();

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerCertificates()", e);

        }

        for (Certificate s: peerCertificates){

            logger.info("Peer Certificate(public key): " + s.getPublicKey());

        }



        try {

            logger.info("Peer Principal: " + arg0.getPeerPrincipal());

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerPrincipal()", e);

        }

        logger.info("Session: " + arg0.getSession());

        logger.info("Socket: " + arg0.getSocket());

        logger.info("Source: " + arg0.getSource());

        logger.info("------HANDSHAKE DONE------");

    }

});



sC.startHandshake();


Server Code:



String ksName = "res/gamedata/server.keystore";

char ksPass = "--REMOVED--".toCharArray();



//create new keystore instance

KeyStore ks = KeyStore.getInstance("JKS");



//load the keystore with password into the keystore

ks.load(new FileInputStream(ksName), ksPass);



//create a new keymanagerfactory and initalize with the keystore

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

kmf.init(ks, ksPass);



//initialize an ssl context with TLS with the keymanagers(server certificate/decrypted private key)

SSLContext sc = SSLContext.getInstance("TLS");

sc.init(kmf.getKeyManagers(), null, null);



//create sslfactory from the ssl context

SSLServerSocketFactory ssf = sc.getServerSocketFactory();



//create the server socket for clients to connect to

s = (SSLServerSocket) ssf.createServerSocket(--REMOVED--);



sC = (SSLSocket) s.accept();



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        LOGGER.info("------HANDSHAKE START------");

        LOGGER.info("Cipher suite: " + arg0.getCipherSuite());



        Certificate localCerts = arg0.getLocalCertificates();

        for (Certificate s: localCerts){

            LOGGER.info("Local Certificate(public key): " + s.getPublicKey());

        }



        LOGGER.info("Local Principal: " + arg0.getLocalPrincipal());



        LOGGER.info("Session: " + arg0.getSession());

        LOGGER.info("Socket: " + arg0.getSocket());

        LOGGER.info("Source: " + arg0.getSource());

        LOGGER.info("------HANDSHAKE DONE------");

    }

});



try {

    sC.startHandshake();

} catch (SSLHandshakeException e2){

    LOGGER.error("client handshake issue for IP(" + sC.getLocalAddress().toString() + ")", e2);

}





java ssl encryption







share|improve this question























  • How many threads are accessing the socket?

    – James K Polk
    Jan 2 at 22:06











  • Only 1 handler doing the sC accept line and below

    – KisnardOnline
    Jan 2 at 23:56













  • This can happen if you have other Threads reading from the underlying socket.

    – James K Polk
    Jan 3 at 0:23











  • What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

    – M. Rizzo
    Jan 10 at 14:08






  • 1





    possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

    – David
    Jan 11 at 3:50


















5















I have a client server application that has been running fine for awhile now.

Suddenly I am getting the below error when attempting to connect from the client. I see no errors on the server side. The certificates are not expired and I have made no code changes. I do not see any results when searching Google for this error.



javax.net.ssl.SSLProtocolException: ChangeCipherSpec message sequence violation

    at sun.security.ssl.HandshakeStateManager.changeCipherSpec(Unknown Source)

    at sun.security.ssl.Handshaker.receiveChangeCipherSpec(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at java.io.DataInputStream.readUnsignedShort(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at com.jayavon.game.client.cj.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)


Client Code:



//load your key store as a stream and initialize a KeyStore

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());    



//if your store is password protected then declare it (it can be null however)

String tsName = "res/gamedata/truststore";

char trustPassword = "--REMOVED--".toCharArray();



//load the stream to your store

trustStore.load(new FileInputStream(tsName), trustPassword);



//initialize a trust manager factory with the trusted store

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    

trustFactory.init(trustStore);



//get the trust managers from the factory

TrustManager trustManagers = trustFactory.getTrustManagers();



//initialize an ssl context to use these managers and set as default

SSLContext sslContext = SSLContext.getInstance("SSL");

sslContext.init(null, trustManagers, null);

SSLContext.setDefault(sslContext);



//create sslfactory from the ssl context

SSLSocketFactory factory = sslContext.getSocketFactory();



if (isPROD){

    sC = (SSLSocket) factory.createSocket("--REMOVED--", --REMOVED--);

} else {

    sC = (SSLSocket) factory.createSocket("localhost", --REMOVED--);

}



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        logger.info("------HANDSHAKE START------");

        logger.info("Cipher suite: " + arg0.getCipherSuite());



        logger.info("Local Principal: " + arg0.getLocalPrincipal());



        X509Certificate peerCertChain = null;

        try {

            peerCertChain = arg0.getPeerCertificateChain();

        } catch (SSLPeerUnverifiedException e1) {

            logger.error("arg0.getPeerCertificateChain()", e1);

        }

        for (X509Certificate s: peerCertChain){

            logger.info("Local Certificate(SigAlgName): " + s.getSigAlgName());

            logger.info("Local Certificate(SigAlgOID): " + s.getSigAlgOID());

            logger.info("Local Certificate(Version): " + s.getVersion());

            logger.info("Local Certificate(IssuerDN): " + s.getIssuerDN());

            logger.info("Local Certificate(NotAfter): " + s.getNotAfter());

            logger.info("Local Certificate(NotBefore): " + s.getNotBefore());

            logger.info("Local Certificate(PublicKey): " + s.getPublicKey());

            logger.info("Local Certificate(SerialNumber): " + s.getSerialNumber());

            logger.info("Local Certificate(SubjectDN): " + s.getSubjectDN());

        }



        Certificate peerCertificates = null;

        try {

            peerCertificates = arg0.getPeerCertificates();

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerCertificates()", e);

        }

        for (Certificate s: peerCertificates){

            logger.info("Peer Certificate(public key): " + s.getPublicKey());

        }



        try {

            logger.info("Peer Principal: " + arg0.getPeerPrincipal());

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerPrincipal()", e);

        }

        logger.info("Session: " + arg0.getSession());

        logger.info("Socket: " + arg0.getSocket());

        logger.info("Source: " + arg0.getSource());

        logger.info("------HANDSHAKE DONE------");

    }

});



sC.startHandshake();


Server Code:



String ksName = "res/gamedata/server.keystore";

char ksPass = "--REMOVED--".toCharArray();



//create new keystore instance

KeyStore ks = KeyStore.getInstance("JKS");



//load the keystore with password into the keystore

ks.load(new FileInputStream(ksName), ksPass);



//create a new keymanagerfactory and initalize with the keystore

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

kmf.init(ks, ksPass);



//initialize an ssl context with TLS with the keymanagers(server certificate/decrypted private key)

SSLContext sc = SSLContext.getInstance("TLS");

sc.init(kmf.getKeyManagers(), null, null);



//create sslfactory from the ssl context

SSLServerSocketFactory ssf = sc.getServerSocketFactory();



//create the server socket for clients to connect to

s = (SSLServerSocket) ssf.createServerSocket(--REMOVED--);



sC = (SSLSocket) s.accept();



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        LOGGER.info("------HANDSHAKE START------");

        LOGGER.info("Cipher suite: " + arg0.getCipherSuite());



        Certificate localCerts = arg0.getLocalCertificates();

        for (Certificate s: localCerts){

            LOGGER.info("Local Certificate(public key): " + s.getPublicKey());

        }



        LOGGER.info("Local Principal: " + arg0.getLocalPrincipal());



        LOGGER.info("Session: " + arg0.getSession());

        LOGGER.info("Socket: " + arg0.getSocket());

        LOGGER.info("Source: " + arg0.getSource());

        LOGGER.info("------HANDSHAKE DONE------");

    }

});



try {

    sC.startHandshake();

} catch (SSLHandshakeException e2){

    LOGGER.error("client handshake issue for IP(" + sC.getLocalAddress().toString() + ")", e2);

}





java ssl encryption







share|improve this question























  • How many threads are accessing the socket?

    – James K Polk
    Jan 2 at 22:06











  • Only 1 handler doing the sC accept line and below

    – KisnardOnline
    Jan 2 at 23:56













  • This can happen if you have other Threads reading from the underlying socket.

    – James K Polk
    Jan 3 at 0:23











  • What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

    – M. Rizzo
    Jan 10 at 14:08






  • 1





    possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

    – David
    Jan 11 at 3:50
















5












5








5








I have a client server application that has been running fine for awhile now.

Suddenly I am getting the below error when attempting to connect from the client. I see no errors on the server side. The certificates are not expired and I have made no code changes. I do not see any results when searching Google for this error.



javax.net.ssl.SSLProtocolException: ChangeCipherSpec message sequence violation

    at sun.security.ssl.HandshakeStateManager.changeCipherSpec(Unknown Source)

    at sun.security.ssl.Handshaker.receiveChangeCipherSpec(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at java.io.DataInputStream.readUnsignedShort(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at com.jayavon.game.client.cj.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)


Client Code:



//load your key store as a stream and initialize a KeyStore

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());    



//if your store is password protected then declare it (it can be null however)

String tsName = "res/gamedata/truststore";

char trustPassword = "--REMOVED--".toCharArray();



//load the stream to your store

trustStore.load(new FileInputStream(tsName), trustPassword);



//initialize a trust manager factory with the trusted store

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    

trustFactory.init(trustStore);



//get the trust managers from the factory

TrustManager trustManagers = trustFactory.getTrustManagers();



//initialize an ssl context to use these managers and set as default

SSLContext sslContext = SSLContext.getInstance("SSL");

sslContext.init(null, trustManagers, null);

SSLContext.setDefault(sslContext);



//create sslfactory from the ssl context

SSLSocketFactory factory = sslContext.getSocketFactory();



if (isPROD){

    sC = (SSLSocket) factory.createSocket("--REMOVED--", --REMOVED--);

} else {

    sC = (SSLSocket) factory.createSocket("localhost", --REMOVED--);

}



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        logger.info("------HANDSHAKE START------");

        logger.info("Cipher suite: " + arg0.getCipherSuite());



        logger.info("Local Principal: " + arg0.getLocalPrincipal());



        X509Certificate peerCertChain = null;

        try {

            peerCertChain = arg0.getPeerCertificateChain();

        } catch (SSLPeerUnverifiedException e1) {

            logger.error("arg0.getPeerCertificateChain()", e1);

        }

        for (X509Certificate s: peerCertChain){

            logger.info("Local Certificate(SigAlgName): " + s.getSigAlgName());

            logger.info("Local Certificate(SigAlgOID): " + s.getSigAlgOID());

            logger.info("Local Certificate(Version): " + s.getVersion());

            logger.info("Local Certificate(IssuerDN): " + s.getIssuerDN());

            logger.info("Local Certificate(NotAfter): " + s.getNotAfter());

            logger.info("Local Certificate(NotBefore): " + s.getNotBefore());

            logger.info("Local Certificate(PublicKey): " + s.getPublicKey());

            logger.info("Local Certificate(SerialNumber): " + s.getSerialNumber());

            logger.info("Local Certificate(SubjectDN): " + s.getSubjectDN());

        }



        Certificate peerCertificates = null;

        try {

            peerCertificates = arg0.getPeerCertificates();

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerCertificates()", e);

        }

        for (Certificate s: peerCertificates){

            logger.info("Peer Certificate(public key): " + s.getPublicKey());

        }



        try {

            logger.info("Peer Principal: " + arg0.getPeerPrincipal());

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerPrincipal()", e);

        }

        logger.info("Session: " + arg0.getSession());

        logger.info("Socket: " + arg0.getSocket());

        logger.info("Source: " + arg0.getSource());

        logger.info("------HANDSHAKE DONE------");

    }

});



sC.startHandshake();


Server Code:



String ksName = "res/gamedata/server.keystore";

char ksPass = "--REMOVED--".toCharArray();



//create new keystore instance

KeyStore ks = KeyStore.getInstance("JKS");



//load the keystore with password into the keystore

ks.load(new FileInputStream(ksName), ksPass);



//create a new keymanagerfactory and initalize with the keystore

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

kmf.init(ks, ksPass);



//initialize an ssl context with TLS with the keymanagers(server certificate/decrypted private key)

SSLContext sc = SSLContext.getInstance("TLS");

sc.init(kmf.getKeyManagers(), null, null);



//create sslfactory from the ssl context

SSLServerSocketFactory ssf = sc.getServerSocketFactory();



//create the server socket for clients to connect to

s = (SSLServerSocket) ssf.createServerSocket(--REMOVED--);



sC = (SSLSocket) s.accept();



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        LOGGER.info("------HANDSHAKE START------");

        LOGGER.info("Cipher suite: " + arg0.getCipherSuite());



        Certificate localCerts = arg0.getLocalCertificates();

        for (Certificate s: localCerts){

            LOGGER.info("Local Certificate(public key): " + s.getPublicKey());

        }



        LOGGER.info("Local Principal: " + arg0.getLocalPrincipal());



        LOGGER.info("Session: " + arg0.getSession());

        LOGGER.info("Socket: " + arg0.getSocket());

        LOGGER.info("Source: " + arg0.getSource());

        LOGGER.info("------HANDSHAKE DONE------");

    }

});



try {

    sC.startHandshake();

} catch (SSLHandshakeException e2){

    LOGGER.error("client handshake issue for IP(" + sC.getLocalAddress().toString() + ")", e2);

}





java ssl encryption







share|improve this question














I have a client server application that has been running fine for awhile now.

Suddenly I am getting the below error when attempting to connect from the client. I see no errors on the server side. The certificates are not expired and I have made no code changes. I do not see any results when searching Google for this error.



javax.net.ssl.SSLProtocolException: ChangeCipherSpec message sequence violation

    at sun.security.ssl.HandshakeStateManager.changeCipherSpec(Unknown Source)

    at sun.security.ssl.Handshaker.receiveChangeCipherSpec(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

    at sun.security.ssl.SSLSocketImpl.readDataRecord(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at sun.security.ssl.AppInputStream.read(Unknown Source)

    at java.io.DataInputStream.readUnsignedShort(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at java.io.DataInputStream.readUTF(Unknown Source)

    at com.jayavon.game.client.cj.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)


Client Code:



//load your key store as a stream and initialize a KeyStore

KeyStore trustStore = KeyStore.getInstance(KeyStore.getDefaultType());    



//if your store is password protected then declare it (it can be null however)

String tsName = "res/gamedata/truststore";

char trustPassword = "--REMOVED--".toCharArray();



//load the stream to your store

trustStore.load(new FileInputStream(tsName), trustPassword);



//initialize a trust manager factory with the trusted store

TrustManagerFactory trustFactory = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());    

trustFactory.init(trustStore);



//get the trust managers from the factory

TrustManager trustManagers = trustFactory.getTrustManagers();



//initialize an ssl context to use these managers and set as default

SSLContext sslContext = SSLContext.getInstance("SSL");

sslContext.init(null, trustManagers, null);

SSLContext.setDefault(sslContext);



//create sslfactory from the ssl context

SSLSocketFactory factory = sslContext.getSocketFactory();



if (isPROD){

    sC = (SSLSocket) factory.createSocket("--REMOVED--", --REMOVED--);

} else {

    sC = (SSLSocket) factory.createSocket("localhost", --REMOVED--);

}



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        logger.info("------HANDSHAKE START------");

        logger.info("Cipher suite: " + arg0.getCipherSuite());



        logger.info("Local Principal: " + arg0.getLocalPrincipal());



        X509Certificate peerCertChain = null;

        try {

            peerCertChain = arg0.getPeerCertificateChain();

        } catch (SSLPeerUnverifiedException e1) {

            logger.error("arg0.getPeerCertificateChain()", e1);

        }

        for (X509Certificate s: peerCertChain){

            logger.info("Local Certificate(SigAlgName): " + s.getSigAlgName());

            logger.info("Local Certificate(SigAlgOID): " + s.getSigAlgOID());

            logger.info("Local Certificate(Version): " + s.getVersion());

            logger.info("Local Certificate(IssuerDN): " + s.getIssuerDN());

            logger.info("Local Certificate(NotAfter): " + s.getNotAfter());

            logger.info("Local Certificate(NotBefore): " + s.getNotBefore());

            logger.info("Local Certificate(PublicKey): " + s.getPublicKey());

            logger.info("Local Certificate(SerialNumber): " + s.getSerialNumber());

            logger.info("Local Certificate(SubjectDN): " + s.getSubjectDN());

        }



        Certificate peerCertificates = null;

        try {

            peerCertificates = arg0.getPeerCertificates();

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerCertificates()", e);

        }

        for (Certificate s: peerCertificates){

            logger.info("Peer Certificate(public key): " + s.getPublicKey());

        }



        try {

            logger.info("Peer Principal: " + arg0.getPeerPrincipal());

        } catch (SSLPeerUnverifiedException e) {

            logger.error("arg0.getPeerPrincipal()", e);

        }

        logger.info("Session: " + arg0.getSession());

        logger.info("Socket: " + arg0.getSocket());

        logger.info("Source: " + arg0.getSource());

        logger.info("------HANDSHAKE DONE------");

    }

});



sC.startHandshake();


Server Code:



String ksName = "res/gamedata/server.keystore";

char ksPass = "--REMOVED--".toCharArray();



//create new keystore instance

KeyStore ks = KeyStore.getInstance("JKS");



//load the keystore with password into the keystore

ks.load(new FileInputStream(ksName), ksPass);



//create a new keymanagerfactory and initalize with the keystore

KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");

kmf.init(ks, ksPass);



//initialize an ssl context with TLS with the keymanagers(server certificate/decrypted private key)

SSLContext sc = SSLContext.getInstance("TLS");

sc.init(kmf.getKeyManagers(), null, null);



//create sslfactory from the ssl context

SSLServerSocketFactory ssf = sc.getServerSocketFactory();



//create the server socket for clients to connect to

s = (SSLServerSocket) ssf.createServerSocket(--REMOVED--);



sC = (SSLSocket) s.accept();



sC.addHandshakeCompletedListener(new HandshakeCompletedListener(){

    @Override

    public void handshakeCompleted(HandshakeCompletedEvent arg0) {

        LOGGER.info("------HANDSHAKE START------");

        LOGGER.info("Cipher suite: " + arg0.getCipherSuite());



        Certificate localCerts = arg0.getLocalCertificates();

        for (Certificate s: localCerts){

            LOGGER.info("Local Certificate(public key): " + s.getPublicKey());

        }



        LOGGER.info("Local Principal: " + arg0.getLocalPrincipal());



        LOGGER.info("Session: " + arg0.getSession());

        LOGGER.info("Socket: " + arg0.getSocket());

        LOGGER.info("Source: " + arg0.getSource());

        LOGGER.info("------HANDSHAKE DONE------");

    }

});



try {

    sC.startHandshake();

} catch (SSLHandshakeException e2){

    LOGGER.error("client handshake issue for IP(" + sC.getLocalAddress().toString() + ")", e2);

}





java ssl encryption




java ssl encryption






share|improve this question













share|improve this question











share|improve this question




share|improve this question










asked Jan 2 at 5:19









KisnardOnlineKisnardOnline

29621230




29621230













  • How many threads are accessing the socket?

    – James K Polk
    Jan 2 at 22:06











  • Only 1 handler doing the sC accept line and below

    – KisnardOnline
    Jan 2 at 23:56













  • This can happen if you have other Threads reading from the underlying socket.

    – James K Polk
    Jan 3 at 0:23











  • What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

    – M. Rizzo
    Jan 10 at 14:08






  • 1





    possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

    – David
    Jan 11 at 3:50





















  • How many threads are accessing the socket?

    – James K Polk
    Jan 2 at 22:06











  • Only 1 handler doing the sC accept line and below

    – KisnardOnline
    Jan 2 at 23:56













  • This can happen if you have other Threads reading from the underlying socket.

    – James K Polk
    Jan 3 at 0:23











  • What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

    – M. Rizzo
    Jan 10 at 14:08






  • 1





    possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

    – David
    Jan 11 at 3:50



















How many threads are accessing the socket?

– James K Polk
Jan 2 at 22:06





How many threads are accessing the socket?

– James K Polk
Jan 2 at 22:06













Only 1 handler doing the sC accept line and below

– KisnardOnline
Jan 2 at 23:56







Only 1 handler doing the sC accept line and below

– KisnardOnline
Jan 2 at 23:56















This can happen if you have other Threads reading from the underlying socket.

– James K Polk
Jan 3 at 0:23





This can happen if you have other Threads reading from the underlying socket.

– James K Polk
Jan 3 at 0:23













What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

– M. Rizzo
Jan 10 at 14:08





What JDK version is being used on the client and server side? Have there been any recent changes/updates in the JDK versions?

– M. Rizzo
Jan 10 at 14:08




1




1





possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

– David
Jan 11 at 3:50







possible duplicate of stackoverflow.com/questions/24812755/… Enable debug to see if that could be the case.

– David
Jan 11 at 3:50














1 Answer
1






active

oldest

votes


















0














The solution was to follow what David commented.



sC.setEnabledProtocols(new String{"TLSv1.2"});





share|improve this answer























    Your Answer






    StackExchange.ifUsing("editor", function () {
    StackExchange.using("externalEditor", function () {
    StackExchange.using("snippets", function () {
    StackExchange.snippets.init();
    });
    });
    }, "code-snippets");

    StackExchange.ready(function() {
    var channelOptions = {
    tags: "".split(" "),
    id: "1"
    };
    initTagRenderer("".split(" "), "".split(" "), channelOptions);

    StackExchange.using("externalEditor", function() {
    // Have to fire editor after snippets, if snippets enabled
    if (StackExchange.settings.snippets.snippetsEnabled) {
    StackExchange.using("snippets", function() {
    createEditor();
    });
    }
    else {
    createEditor();
    }
    });

    function createEditor() {
    StackExchange.prepareEditor({
    heartbeatType: 'answer',
    autoActivateHeartbeat: false,
    convertImagesToLinks: true,
    noModals: true,
    showLowRepImageUploadWarning: true,
    reputationToPostImages: 10,
    bindNavPrevention: true,
    postfix: "",
    imageUploader: {
    brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
    contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
    allowUrls: true
    },
    onDemand: true,
    discardSelector: ".discard-answer"
    ,immediatelyShowMarkdownHelp:true
    });


    }
    });














    draft saved

    draft discarded


















    StackExchange.ready(
    function () {
    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54001554%2fjava-client-connection-error-changecipherspec-message-sequence-violation%23new-answer', 'question_page');
    }
    );

    Post as a guest















    Required, but never shown

























    1 Answer
    1






    active

    oldest

    votes








    1 Answer
    1






    active

    oldest

    votes









    active

    oldest

    votes






    active

    oldest

    votes









    0














    The solution was to follow what David commented.



    sC.setEnabledProtocols(new String{"TLSv1.2"});





    share|improve this answer




























      0














      The solution was to follow what David commented.



      sC.setEnabledProtocols(new String{"TLSv1.2"});





      share|improve this answer


























        0












        0








        0







        The solution was to follow what David commented.



        sC.setEnabledProtocols(new String{"TLSv1.2"});





        share|improve this answer













        The solution was to follow what David commented.



        sC.setEnabledProtocols(new String{"TLSv1.2"});






        share|improve this answer












        share|improve this answer



        share|improve this answer










        answered Jan 13 at 20:44









        KisnardOnlineKisnardOnline

        29621230




        29621230
































            draft saved

            draft discarded




















































            Thanks for contributing an answer to Stack Overflow!


            • Please be sure to answer the question. Provide details and share your research!

            But avoid



            • Asking for help, clarification, or responding to other answers.

            • Making statements based on opinion; back them up with references or personal experience.


            To learn more, see our tips on writing great answers.




            draft saved


            draft discarded














            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f54001554%2fjava-client-connection-error-changecipherspec-message-sequence-violation%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown





















































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown

































            Required, but never shown














            Required, but never shown












            Required, but never shown







            Required, but never shown







            Popular posts from this blog

            MongoDB - Not Authorized To Execute Command

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I have successfully enabled authorization on MongoDB and I have created an account on the admin database and then I created an account for my database called test. The following connection string to connect to my test database works successfully: mongo --host 192.168.17.52 --port 27017 -u user1 -p password --authenticationDatabase test Only problem I have now is, I cannot execute commands such as: show dbs. I get the following error when I try to do so: "errmsg" : "not authorized on admin to execute command { listDatabases: 1.0, lsid: { id: UUID("a1d5bc0d-bc58-485e-b232-270758a89455") }, $db: "admin...
            Read more

            How to fix TextFormField cause rebuild widget in Flutter

            Image
            .everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box; } 0 I've got the same issue at #9280. I tried all solutions from that topic with/without GlobalKey for Scaffold and Form but the problem wasn't fixed. I tried to build a authentication form with login and signup. But the keyboard doesn't show when I tap the TextFormField at the first time. Then I try to input some letter from physical keyboard, the widget is rebuilt. Like this: login screen Nothing to be log when I run flutter run --verbose, so I logged manually. Every tapping on field, the widget called dispose -> init -> build. [√] Flutter (Channel beta, v1.0.0, on Microsoft Windows [Version 10.0.17763.195], ...
            Read more

            Npm cannot find a required file even through it is in the searched directory

            Image
            up vote 0 down vote favorite I got that error: users-Air:pdfuploader user$ npm run start client@0.1.0 start /Users/user/Documents/pdfuploader react-scripts start Could not find a required file. Name: index.html Searched in: /Users/user/Documents/pdfuploader/public npm ERR! code ELIFECYCLE npm ERR! errno 1 npm ERR! client@0.1.0 start: `react-scripts start` npm ERR! Exit status 1 npm ERR! npm ERR! Failed at the client@0.1.0 start script. npm ERR! This is probably not a problem with npm. There is likely additional logging output above. npm ERR! A complete log of this run can be found in: npm ERR! /Users/user/.npm/_logs/2018-11-19T10_19_14_555Z-debug.log users-Air:pdfuploader user$ And the file is in /Users/user/Documents/pdfuploader/public as you can see in my github repository: https://github.c...
            Read more