Error, "SSL peer shut down incorrectly","Remote host closed connection during handshake" when BW conncts to MQ and fails right after BW sends ClietHello.
Article ID: KB0085008
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | - |
| Not Applicable | - |
Description
Description:
In many MQ SSL cases, BW sends ClientHello to MQ server and logs the following lines. There is no ServerHello back from the MQ server which makes it hard to find the root cause.
Thread-157, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-157, SEND SSLv3 ALERT: fatal, description = handshake_failure
Symptoms:
Thread-157, received EOFException: error
Thread-157, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-157, SEND SSLv3 ALERT: fatal, description = handshake_failure
Thread-157, WRITE: SSLv3 Alert, length = 2
ava.io.EOFException: SSL peer shut down incorrectly
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=127.0.0.1/127.0.0.1:1414 (127.0.0.1),4=SSLSocket.startHandshake,5=default]
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=127.0.0.1/127.0.0.1:1414 (127.0.0.1),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
linked JMS exception: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
Cause:
For errors like the above, it means the SSL Server is not configured to accept SSL CLientHello. i.e, the SSL server fails to initialize itself to use SSL or the sever may not have SSL enabled.
In many MQ SSL cases, BW sends ClientHello to MQ server and logs the following lines. There is no ServerHello back from the MQ server which makes it hard to find the root cause.
Thread-157, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-157, SEND SSLv3 ALERT: fatal, description = handshake_failure
Symptoms:
Thread-157, received EOFException: error
Thread-157, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
Thread-157, SEND SSLv3 ALERT: fatal, description = handshake_failure
Thread-157, WRITE: SSLv3 Alert, length = 2
ava.io.EOFException: SSL peer shut down incorrectly
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=127.0.0.1/127.0.0.1:1414 (127.0.0.1),4=SSLSocket.startHandshake,5=default]
com.ibm.mq.jmqi.JmqiException: CC=2;RC=2397;AMQ9204: Connection to host '127.0.0.1(1414)' rejected. [1=com.ibm.mq.jmqi.JmqiException[CC=2;RC=2397;AMQ9771: SSL handshake failed. [1=javax.net.ssl.SSLHandshakeException[Remote host closed connection during handshake],3=127.0.0.1/127.0.0.1:1414 (127.0.0.1),4=SSLSocket.startHandshake,5=default]],3=127.0.0.1(1414),5=RemoteTCPConnection.protocolConnect]
linked JMS exception: com.ibm.mq.MQException: JMSCMQ0001: WebSphere MQ call failed with compcode '2' ('MQCC_FAILED') reason '2397' ('MQRC_JSSE_ERROR').
Cause:
For errors like the above, it means the SSL Server is not configured to accept SSL CLientHello. i.e, the SSL server fails to initialize itself to use SSL or the sever may not have SSL enabled.
Issue/Introduction
Error, "SSL peer shut down incorrectly","Remote host closed connection
during handshake" when BW conncts to MQ and fails right after BW sends
ClietHello.
Resolution
For MQ server, the keystore configuration on the SSL filed of the queue manager may have been wrong. Note that a correct format is "C:\IBM\WebSphere
MQ\Qmgrs\QM_for_TIBCO3\ssl\NoOID\key" in which "C:\IBM\WebSphere
MQ\Qmgrs\QM_for_TIBCO3\ssl\NoOID" is the folder where you save the
"key.kdb" file. You may miss the "\key" after the full folder
path "C:\IBM\WebSphere MQ\Qmgrs\QM_for_TIBCO3\ssl\NoOID", which would
result in the errors above.
See the attached (Filename: SSL_peer_shut_down_incorrectly.txt) for reference.
Additional Information
Attachments
Feedback
Yes
No
Powered by
