Hi Team,
Below is my API by which I am generating token for accept hosted.
Earlier it was working before 1 May 2017 with JDK 1.7.
    // (The enclosing method declaration was not included in the post.)
    try {
        // Ask HttpsURLConnection-based clients to use TLS 1.2 and log the handshake
        System.setProperty("https.protocols", "TLSv1.2");
        System.setProperty("javax.net.debug", "ssl:handshake");

        // Print the JVM arguments and environment for troubleshooting
        RuntimeMXBean runtimeMXBean = ManagementFactory.getRuntimeMXBean();
        List<String> jvmArgs = runtimeMXBean.getInputArguments();
        for (String arg : jvmArgs) {
            System.out.println(arg);
        }
        System.out.println(System.getenv());

        //ApiOperationBase.setEnvironment(Environment.PRODUCTION);
        ApiOperationBase.setEnvironment(Environment.SANDBOX);

        MerchantAuthenticationType merchantAuthenticationType = new MerchantAuthenticationType();
        merchantAuthenticationType.setName(apiLoginId);
        merchantAuthenticationType.setTransactionKey(transactionKey);
        ApiOperationBase.setMerchantAuthentication(merchantAuthenticationType);

        // Create the payment transaction request
        TransactionRequestType txnRequest = new TransactionRequestType();
        txnRequest.setTransactionType(TransactionTypeEnum.AUTH_CAPTURE_TRANSACTION.value());
        txnRequest.setAmount(new BigDecimal(amount).setScale(2, RoundingMode.CEILING));

        // Hosted payment page settings (URLs redacted in the post)
        SettingType setting1 = new SettingType();
        setting1.setSettingName("hostedPaymentButtonOptions");
        setting1.setSettingValue("{\"text\": \"Pay\"}");

        SettingType setting2 = new SettingType();
        setting2.setSettingName("hostedPaymentOrderOptions");
        setting2.setSettingValue("{\"show\": false}");

        SettingType setting3 = new SettingType();
        setting3.setSettingName("hostedPaymentIFrameCommunicatorUrl");
        setting3.setSettingValue("{\"url\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\"}");

        SettingType setting4 = new SettingType();
        setting4.setSettingName("hostedPaymentPaymentOptions");
        setting4.setSettingValue("{\"cardCodeRequired\": true}");

        SettingType setting5 = new SettingType();
        setting5.setSettingName("hostedPaymentShippingAddressOptions");
        setting5.setSettingValue("{\"show\": false}");

        SettingType setting6 = new SettingType();
        setting6.setSettingName("hostedPaymentBillingAddressOptions");
        setting6.setSettingValue("{\"show\": false, \"required\":false}");

        SettingType setting7 = new SettingType();
        setting7.setSettingName("hostedPaymentReturnOptions");
        setting7.setSettingValue("{\"showReceipt\": false, \"url\": \"xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\",\"cancelUrl\": \"xxxxxxxxxxxx\"}");

        ArrayOfSetting alist = new ArrayOfSetting();
        alist.getSetting().add(setting1);
        alist.getSetting().add(setting2);
        alist.getSetting().add(setting3);
        alist.getSetting().add(setting4);
        alist.getSetting().add(setting5);
        alist.getSetting().add(setting6);
        alist.getSetting().add(setting7);

        GetHostedPaymentPageRequest apiRequest = new GetHostedPaymentPageRequest();
        apiRequest.setTransactionRequest(txnRequest);
        apiRequest.setHostedPaymentSettings(alist);

        GetHostedPaymentPageController controller = new GetHostedPaymentPageController(apiRequest);
        controller.execute();

        // getApiResponse() returns null when no response was received
        GetHostedPaymentPageResponse response = controller.getApiResponse();
        if (response != null) {
            if (response.getMessages().getResultCode() == MessageTypeEnum.OK) {
                System.out.println(response.getMessages().getMessage().get(0).getCode());
                System.out.println(response.getMessages().getMessage().get(0).getText());
                System.out.println(response.getToken());
            } else {
                System.out.println("Failed to get hosted payment page: " + response.getMessages().getResultCode());
            }
            return response;
        }
    } catch (Exception e) {
        e.printStackTrace();
    }
    return null;
    }
After the disablement of TLS 1.0 and 1.1 it is not working, even after setting TLS 1.2 in Java code as well as in JVM arguments; no luck with JDK 1.7.
I have checked 'controller' object and found response of this api is null.
When I enable ssl:handshake debugging it is giving me the below error:

    **
    pool-1-thread-1, WRITE: TLSv1 Handshake, length = 149
    pool-1-thread-1, received EOFException: error
    pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    pool-1-thread-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
    pool-1-thread-1, WRITE: TLSv1 Alert, length = 2
    pool-1-thread-1, called closeSocket()
    pool-1-thread-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    pool-1-thread-1, called close()
    pool-1-thread-1, called closeInternal(true)
    pool-1-thread-1, called close()
    pool-1-thread-1, called closeInternal(true)
Can anyone suggest what is missing or what is the wrong thing I am doing here?
05-05-2017 01:46 AM
The handshake failure could be occurring due to a variety of reasons:
Since the underlying failure cannot be pinpointed, it is better to switch on the -Djavax.net.debug=all flag to enable debugging of the SSL connection established. With the debug switched on, you can pinpoint what activity in the handshake has failed.
Most classes/libraries rely on the trust store used by the JVM for certificate validation. In most cases, this will be the cacerts file in the JRE_HOME/lib/security directory. If the location of the trust store has been specified using the JVM system property javax.net.ssl.trustStore, then the store in that path is usually the one used by the client library.
05-05-2017 03:59 AM
I have tried to look into full debug log but not getting any idea from that debug.
It seems my client is still sending TLSv1.
    trigger seeding of SecureRandom
    done seeding SecureRandom
    Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
    Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
    Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
    Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
    Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    pool-1-thread-1, setSoTimeout(30000) called
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie: GMT: 1493984546 bytes = { 77, 239, 5, 146, 194, 54, 254, 85, 200, 232, 225, 148, 38, 208, 149, 244, 230, 203, 78, 120, 235, 28, 36, 161, 219, 67, 139, 165 }
    Session ID: {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods: { 0 }
    Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    ***
    pool-1-thread-1, WRITE: TLSv1 Handshake, length = 149
    pool-1-thread-1, received EOFException: error
    pool-1-thread-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    pool-1-thread-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
    pool-1-thread-1, WRITE: TLSv1 Alert, length = 2
    pool-1-thread-1, called closeSocket()
    pool-1-thread-1, IOException in getSession(): javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    pool-1-thread-1, called close()
    pool-1-thread-1, called closeInternal(true)
    pool-1-thread-1, called close()
    pool-1-thread-1, called closeInternal(true)

Can you please suggest what exactly I should look into?
05-05-2017 05:14 AM
The JDK provides a separate package called JCE Unlimited Strength, designed to add stronger algorithm support than what’s available by default.
05-05-2017 05:47 AM
I don't think this is root cause of the issue which I am facing.
Could you please elaborate in detail?
This is working perfectly with JDK 1.8, but when I point it to 1.7 and pass the TLSv1.2 VM arguments, it is not working and is throwing an exception.
05-08-2017 04:08 AM
Team,
I am totally clueless.
This is really a blocker for me. Can anyone please guide me here?
Thanks in advance.
RavI Parmar
05-08-2017 07:35 AM
Finally I have concluded on workaround for this issue.
I have added below code snippet in GetAnAcceptPaymentPage API calling.
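    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSocketFactory;

    // Build a TLSv1.2 context with the default key managers and trust store
    final SSLContext sc = SSLContext.getInstance("TLSv1.2");
    sc.init(null, null, new java.security.SecureRandom());
    final SSLSocketFactory socketFactory = sc.getSocketFactory();
    // Use it for every HttpsURLConnection created from now on
    HttpsURLConnection.setDefaultSSLSocketFactory(socketFactory);

and it is working fine with JDK 1.7 and TLSv1.2. (Lot more to resolve like this way!!!! :)....)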
And if this is concrete solutions to get the Token from AN server.
I really appreciate your help and quick response.
05-10-2017 11:14 PM