Re: AW: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation
Hi Thomas, thanks for the advice.

I agree it is not Tomcat by itself that is responsible for the issue. But, since I'm able to make the same connection to the same server, using a standalone client that implements the same request using the same library (Axis2) and the same code (the connection is made by a client written by me that the web application uses as a library), I cannot understand where the difference is in using SSL between the two clients (the one inside Tomcat and the other running standalone).

Since I'm not an expert in SSL matters I don't know how to search for differences between the two Java executions.

I understand it is not a matter of Tomcat configuration using SSL (BTW this instance is not configured for SSL since the secure connection is implemented by a reverse proxy).

In the Tomcat case Java is NOT able to use the algorithm, while launching a Java main class that implements the same behaviour succeeds. And that happens using the same JVM.

Here is the command line for the standalone:

/usr/lib/jvm/jre/bin/java -Djava.security.egd=file:///dev/urandom -Djavax.net.debug=ssl"

Here is the configuration of Tomcat (BTW it is tomcat9):

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djavax.net.debug=ssl"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target

I cannot spot a significant difference. Could startup.sh contain some option that could create a difference with respect to this matter?

On 08/06/2023 16:39, Thomas Hoffmann (Speed4Trade GmbH) wrote:

> Hello Ivano,
>
> > -Original Message-
> > From: Ivano Luberti
> > Sent: Thursday, 8 June 2023 12:10
> > To: users@tomcat.apache.org
> > Subject: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation
> >
> > Hi all, I have the following problem.
> >
> > My web application executes an SSL connection but fails with the following exception
> >
> > > AxisFault: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
> > > org.apache.axis2.AxisFault,makeFault,430
> > > org.apache.axis2.transport.http.HTTPSender,sendViaPost,197
> > > org.apache.axis2.transport.http.HTTPSender,send,75
> > > org.apache.axis2.transport.http.CommonsHTTPTransportSender,writeMessageWithCommons,404
>
> Here it is visible that the Axis client can't connect to the server.
> It has nothing to do with Tomcat in my opinion.
> The crypto algorithms are provided by the JDK (or separate libraries).
> Your program acts as a client, connecting to a server. Therefore Tomcat is not involved in this case.
>
> If the endpoint of the service is publicly available, you can do a scan with e.g. https://www.ssllabs.com/ssltest/ to inspect the offered ciphers.
> Also check if the certificates are available and that the server is configured with the intermediates.
>
> > > org.apache.axis2.transport.http.CommonsHTTPTransportSender,invoke,231
> > > org.apache.axis2.engine.AxisEngine,send,443
> > > org.apache.axis2.description.OutInAxisOperationClient,send,406
> > > org.apache.axis2.description.OutInAxisOperationClient,executeImpl,229
> > > org.apache.axis2.client.OperationClient,execute,165
> > > it.sella.ecomm.WSCryptDecryptStub,encrypt,197
> > > it.archicoop.met.sistemapagamento.bancasella.wscryptdecryptclient.WSClient,encrypt,61
> > > it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,75
> > > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
> > > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaConCartaDiCredito,328
> > > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,paga,112
> > > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaHiddenIframe,452
> > > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,doGet,585
> > > javax.servlet.http.HttpServlet,service,670
> > > javax.servlet.http.HttpServlet,service,779
> > > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,227
> > > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > > org.apache.tomcat.websocket.server.WsFilter,doFilter,53
> > > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,189
> > > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > > org.apache.catalina.core.StandardWrapperValve,invoke,197
> > > org.apache.catalina.core.StandardContextValve,invoke,97
> > > org.apache.catalina.authenticator.AuthenticatorBase,invoke,541
> > > org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
> > > org.apache.catalina.core.StandardHostValve,invoke,135
> > > org.apache.catalina.valves.ErrorReportValve,invoke,92
> > > org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
> > > org.apache.catalina.core.StandardEngineValve,invoke,78
> > > org.apache.catalina.connector.CoyoteAdapter,service,360
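
Added example, not part of the original thread or of any poster's code: the "Error constructing implementation" NoSuchAlgorithmException wraps the underlying failure as its cause, so one way to compare the standalone run with the run inside Tomcat is to print the JSSE-related settings and the full cause chain in both and diff the output. The class name SslEnvProbe and the list of properties checked are assumptions chosen for illustration.

```java
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

// Hypothetical diagnostic class (name is an assumption, not from the thread).
public class SslEnvProbe {
    // System properties the default SSLContext reads for its key and trust stores.
    static final String[] PROPS = {
        "java.home", "java.version", "java.security.properties",
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType",
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType"
    };
    // Secrets: report only whether they are set, never their value.
    static final String[] SECRET_PROPS = {
        "javax.net.ssl.keyStorePassword", "javax.net.ssl.trustStorePassword"
    };

    public static String report() {
        StringBuilder sb = new StringBuilder();
        for (String p : PROPS) {
            sb.append(p).append(" = ").append(System.getProperty(p)).append('\n');
        }
        for (String p : SECRET_PROPS) {
            sb.append(p).append(" set = ")
              .append(System.getProperty(p) != null).append('\n');
        }
        // Provider order can differ if a webapp or agent registers its own provider.
        for (Provider prov : Security.getProviders()) {
            sb.append("provider: ").append(prov).append('\n');
        }
        try {
            SSLContext ctx = SSLContext.getDefault();
            sb.append("default SSLContext OK: ").append(ctx.getProtocol())
              .append(" from ").append(ctx.getProvider().getName()).append('\n');
        } catch (Exception e) {
            // Walk the chain: the outer exception is generic, the inner ones
            // name the concrete problem (for example an unreadable store file).
            for (Throwable t = e; t != null; t = t.getCause()) {
                sb.append("cause: ").append(t).append('\n');
            }
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```

Run it once with the standalone command line and once from inside the web application (for example by logging `SslEnvProbe.report()` from a servlet), then compare the two outputs line by line.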
AW: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation
Hello Ivano,

> -Original Message-
> From: Ivano Luberti
> Sent: Thursday, 8 June 2023 12:10
> To: users@tomcat.apache.org
> Subject: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation
>
> Hi all, I have the following problem.
>
> My web application executes an SSL connection but fails with the following exception
>
> > AxisFault: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
> > org.apache.axis2.AxisFault,makeFault,430
> > org.apache.axis2.transport.http.HTTPSender,sendViaPost,197
> > org.apache.axis2.transport.http.HTTPSender,send,75
> > org.apache.axis2.transport.http.CommonsHTTPTransportSender,writeMessageWithCommons,404

Here it is visible that the Axis client can't connect to the server.
It has nothing to do with Tomcat in my opinion.
The crypto algorithms are provided by the JDK (or separate libraries).
Your program acts as a client, connecting to a server. Therefore Tomcat is not involved in this case.

If the endpoint of the service is publicly available, you can do a scan with e.g. https://www.ssllabs.com/ssltest/ to inspect the offered ciphers.
Also check if the certificates are available and that the server is configured with the intermediates.

> > org.apache.axis2.transport.http.CommonsHTTPTransportSender,invoke,231
> > org.apache.axis2.engine.AxisEngine,send,443
> > org.apache.axis2.description.OutInAxisOperationClient,send,406
> > org.apache.axis2.description.OutInAxisOperationClient,executeImpl,229
> > org.apache.axis2.client.OperationClient,execute,165
> > it.sella.ecomm.WSCryptDecryptStub,encrypt,197
> > it.archicoop.met.sistemapagamento.bancasella.wscryptdecryptclient.WSClient,encrypt,61
> > it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,75
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaConCartaDiCredito,328
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,paga,112
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaHiddenIframe,452
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,doGet,585
> > javax.servlet.http.HttpServlet,service,670
> > javax.servlet.http.HttpServlet,service,779
> > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,227
> > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > org.apache.tomcat.websocket.server.WsFilter,doFilter,53
> > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,189
> > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > org.apache.catalina.core.StandardWrapperValve,invoke,197
> > org.apache.catalina.core.StandardContextValve,invoke,97
> > org.apache.catalina.authenticator.AuthenticatorBase,invoke,541
> > org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
> > org.apache.catalina.core.StandardHostValve,invoke,135
> > org.apache.catalina.valves.ErrorReportValve,invoke,92
> > org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
> > org.apache.catalina.core.StandardEngineValve,invoke,78
> > org.apache.catalina.connector.CoyoteAdapter,service,360
> > org.apache.coyote.http11.Http11Processor,service,399
> > org.apache.coyote.AbstractProcessorLight,process,65
> > org.apache.coyote.AbstractProtocol$ConnectionHandler,process,893
> > org.apache.tomcat.util.net.NioEndpoint$SocketProcessor,doRun,1789
> > org.apache.tomcat.util.net.SocketProcessorBase,run,49
> > org.apache.tomcat.util.threads.ThreadPoolExecutor,runWorker,1191
> > org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker,run,659
> > org.apache.tomcat.util.threads.TaskThread$WrappingRunnable,run,61
> > java.lang.Thread,run,750
> > it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,109
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaConCartaDiCredito,328
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,paga,112
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaHiddenIframe,452
> > it.archimede.met.turisti.servlet.NuovoOrdineAcquista,doGet,585
> > javax.servlet.http.HttpServlet,service,670
> > javax.servlet.http.HttpServlet,service,779
> > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,227
> > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > org.apache.tomcat.websocket.server.WsFilter,doFilter,53
> > org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,189
> > org.apache.catalina.core.ApplicationFilterChain,doFilter,162
> > org.apache.catalina.core.StandardWrapperValve,invoke,197
> > org.apache.catalina.core.StandardContextValve,invoke,97
> > org.apache.catalina.authenticator.AuthenticatorBase,invoke,541
> > org.apache.catalina.valves.AbstractAccessLogValve,invoke,687