SSLHandshakeException with jconsole
I am trying to get JMX over SSL to work with a standalone server Java app using jconsole as the client. I am configuring JMX via a file specified with the com.sun.management.config.file system property on the command line.
I have it working fine without SSL, but with SSL enabled (com.sun.management.jmxremote.ssl=true) the connection fails with the following debug output on the server:
jvm 1| *** ClientHello, TLSv1
jvm 1| RandomCookie: GMT: 1181691013 bytes = { 51, 44, 24, 86, 169, 65, 135, 164, 224, 51, 100, 193, 27, 114, 136, 207, 75, 130, 173, 134, 106, 196, 103, 2, 88, 66, 100, 106 }
jvm 1| Session ID: {}
jvm 1| Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
jvm 1| Compression Methods: { 0 }
jvm 1| ***
jvm 1| RMI TCP Connection(11)-198.168.0.6, SEND TLSv1 ALERT: fatal, description = handshake_failure
jvm 1| RMI TCP Connection(11)-198.168.0.6, WRITE: TLSv1 Alert, length = 2
jvm 1| RMI TCP Connection(11)-198.168.0.6, called closeSocket()
jvm 1| RMI TCP Connection(11)-198.168.0.6, handling exception:javax.net.ssl.SSLHandshakeException: no cipher suites in common
jvm 1| RMI TCP Connection(11)-198.168.0.6, called close()
jvm 1| RMI TCP Connection(11)-198.168.0.6, called closeInternal(true)
jvm 1| RMI TCP Connection(12)-198.168.0.6, setSoTimeout(7200000) called
jvm 1| RMI TCP Connection(12)-198.168.0.6, READ: SSL v2, contentType = Handshake, translated length = 73
I tried setting the com.sun.management.jmxremote.ssl.enabled.cipher.suites property to ensure a comprehensive set of cipher suites were enabled, but this did not change the behavior. Just to see if I could get any SSL handshake to work from jconsole I tried connecting it to the embedded webserver in my app which uses SSL with the same keystore. Although the JMX conversation obviously failed, the SSL handshake did work. It also used one of the cipher suites specified in the enabled list. This indicates there is something wrong with the JMX agent config in my app, but I'm at a loss to determine what it is. The following additional system properties are set in the properties file:
javax.net.ssl.keyStore=keystore
javax.net.ssl.keyStorePassword=changeme
com.sun.management.jmxremote.ssl.need.client.auth=false
Any ideas?
Thanks,
DaveJ
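
One way to check whether a JVM started with the server's options actually has key material for the RSA and DSS suites offered in the ClientHello above. This is an added example, not part of the original post; the class name is hypothetical, and it assumes the default JSSE key manager, which reads javax.net.ssl.keyStore and javax.net.ssl.keyStorePassword from JVM system properties.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added diagnostic (hypothetical class name), not code from the original post.
// Start it with exactly the same JVM options and working directory as the server.
public class JmxKeyStoreCheck {

    // The ClientHello above offers only *_RSA_* and *_DSS_* suites, so the server
    // needs a private key whose certificate carries an RSA or DSA public key.
    static boolean matchesOfferedSuites(String keyAlgorithm) {
        return "RSA".equals(keyAlgorithm) || "DSA".equals(keyAlgorithm);
    }

    public static void main(String[] args) throws Exception {
        String path = System.getProperty("javax.net.ssl.keyStore");
        String pass = System.getProperty("javax.net.ssl.keyStorePassword");
        String type = System.getProperty("javax.net.ssl.keyStoreType", KeyStore.getDefaultType());
        if (path == null) {
            System.out.println("javax.net.ssl.keyStore is not set as a system property:");
            System.out.println("the default key manager has no server key to offer.");
            return;
        }
        KeyStore ks = KeyStore.getInstance(type);
        // A relative path such as "keystore" resolves against the working directory.
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, pass == null ? null : pass.toCharArray());
        }
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": certificate only, no private key");
                continue;
            }
            Certificate cert = ks.getCertificate(alias);
            String alg = (cert == null) ? "unknown" : cert.getPublicKey().getAlgorithm();
            boolean ok = matchesOfferedSuites(alg);
            System.out.println(alias + ": private key, " + alg
                    + (ok ? " (usable)" : " (no matching suite offered)"));
            if (ok) usable++;
        }
        System.out.println(usable + " key entr" + (usable == 1 ? "y" : "ies")
                + " usable with the offered suites");
    }
}
```

If this reports that the property is not set, or zero usable key entries, a server-side "no cipher suites in common" alert is the expected result, because every suite in the ClientHello requires a server certificate.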

