Hi Thomas, thanks for the advice. I agree that Tomcat by itself is not responsible for the issue.

But since I'm able to make the same connection to the same server using a standalone client that implements the same request with the same library (Axis2) and the same code (the connection is made by a client written by me, which the web application uses as a library), I cannot understand where the difference is in how the two clients use SSL (the one inside Tomcat and the other running standalone).

Since I'm not an expert in SSL matters, I don't know how to search for differences between the two Java executions.

I understand it is not a matter of Tomcat's SSL configuration (BTW this instance is not configured for SSL, since the secure connection is implemented by a reverse proxy).

In the Tomcat case Java is NOT able to use the algorithm, while launching a Java main class that implements the same behaviour succeeds.

And that happens using the same JVM. Here is the command line for the standalone client:
/usr/lib/jvm/jre/bin/java -Djava.security.egd=file:///dev/urandom -Djavax.net.debug=ssl
Here is the configuration of Tomcat (BTW it is Tomcat 9):

[Service]
Type=forking
User=tomcat
Group=tomcat
Environment="JAVA_HOME=/usr/lib/jvm/jre"
Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djavax.net.debug=ssl"
Environment="CATALINA_BASE=/opt/tomcat"
Environment="CATALINA_HOME=/opt/tomcat"
Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
ExecStart=/opt/tomcat/bin/startup.sh
ExecStop=/opt/tomcat/bin/shutdown.sh

[Install]
WantedBy=multi-user.target
I cannot spot a significant difference. Could startup.sh contain some option that could create a difference with respect to this matter?
On 08/06/2023 16:39, Thomas Hoffmann (Speed4Trade GmbH) wrote:
> Hello Ivano,
>
>> -----Original Message-----
>> From: Ivano Luberti <lube...@archicoop.it.INVALID>
>> Sent: Thursday, 8 June 2023 12:10
>> To: users@tomcat.apache.org
>> Subject: problem with SSL connection java.security.NoSuchAlgorithmException: Error constructing implementation
>>
>> Hi, all
>> I have the following problem. My web application executes an SSL connection but fails with the following exception:
>>
>> AxisFault: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)
>> org.apache.axis2.AxisFault,makeFault,430
>> org.apache.axis2.transport.http.HTTPSender,sendViaPost,197
>> org.apache.axis2.transport.http.HTTPSender,send,75
>> org.apache.axis2.transport.http.CommonsHTTPTransportSender,writeMessageWithCommons,404
>
> Here it is visible that the Axis client can't connect to the server.
> It has nothing to do with Tomcat in my opinion. The crypto algorithms are provided by the JDK (or separate libraries).
> Your program acts as a client, connecting to a server. Therefore Tomcat is not involved in this case.
> If the endpoint of the service is publicly available, you can do a scan with e.g. https://www.ssllabs.com/ssltest/ to inspect the offered ciphers.
> Also check if the certificates are available and that the server is configured with the intermediates.
>
>> org.apache.axis2.transport.http.CommonsHTTPTransportSender,invoke,231
>> org.apache.axis2.engine.AxisEngine,send,443
>> org.apache.axis2.description.OutInAxisOperationClient,send,406
>> org.apache.axis2.description.OutInAxisOperationClient,executeImpl,229
>> org.apache.axis2.client.OperationClient,execute,165
>> it.sella.ecomm.WSCryptDecryptStub,encrypt,197
>> it.archicoop.met.sistemapagamento.bancasella.wscryptdecryptclient.WSClient,encrypt,61
>> it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,75
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaConCartaDiCredito,328
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,paga,112
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaHiddenIframe,452
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,doGet,585
>> javax.servlet.http.HttpServlet,service,670
>> javax.servlet.http.HttpServlet,service,779
>> org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,227
>> org.apache.catalina.core.ApplicationFilterChain,doFilter,162
>> org.apache.tomcat.websocket.server.WsFilter,doFilter,53
>> org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,189
>> org.apache.catalina.core.ApplicationFilterChain,doFilter,162
>> org.apache.catalina.core.StandardWrapperValve,invoke,197
>> org.apache.catalina.core.StandardContextValve,invoke,97
>> org.apache.catalina.authenticator.AuthenticatorBase,invoke,541
>> org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
>> org.apache.catalina.core.StandardHostValve,invoke,135
>> org.apache.catalina.valves.ErrorReportValve,invoke,92
>> org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
>> org.apache.catalina.core.StandardEngineValve,invoke,78
>> org.apache.catalina.connector.CoyoteAdapter,service,360
>> org.apache.coyote.http11.Http11Processor,service,399
>> org.apache.coyote.AbstractProcessorLight,process,65
>> org.apache.coyote.AbstractProtocol$ConnectionHandler,process,893
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor,doRun,1789
>> org.apache.tomcat.util.net.SocketProcessorBase,run,49
>> org.apache.tomcat.util.threads.ThreadPoolExecutor,runWorker,1191
>> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker,run,659
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable,run,61
>> java.lang.Thread,run,750
>> it.archimede.met.backoffice.pagamento.GestionePagamento,encrypt,109
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,encrypt,379
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaConCartaDiCredito,328
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,paga,112
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,pagaHiddenIframe,452
>> it.archimede.met.turisti.servlet.NuovoOrdineAcquista,doGet,585
>> javax.servlet.http.HttpServlet,service,670
>> javax.servlet.http.HttpServlet,service,779
>> org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,227
>> org.apache.catalina.core.ApplicationFilterChain,doFilter,162
>> org.apache.tomcat.websocket.server.WsFilter,doFilter,53
>> org.apache.catalina.core.ApplicationFilterChain,internalDoFilter,189
>> org.apache.catalina.core.ApplicationFilterChain,doFilter,162
>> org.apache.catalina.core.StandardWrapperValve,invoke,197
>> org.apache.catalina.core.StandardContextValve,invoke,97
>> org.apache.catalina.authenticator.AuthenticatorBase,invoke,541
>> org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
>> org.apache.catalina.core.StandardHostValve,invoke,135
>> org.apache.catalina.valves.ErrorReportValve,invoke,92
>> org.apache.catalina.valves.AbstractAccessLogValve,invoke,687
>> org.apache.catalina.core.StandardEngineValve,invoke,78
>> org.apache.catalina.connector.CoyoteAdapter,service,360
>> org.apache.coyote.http11.Http11Processor,service,399
>> org.apache.coyote.AbstractProcessorLight,process,65
>> org.apache.coyote.AbstractProtocol$ConnectionHandler,process,893
>> org.apache.tomcat.util.net.NioEndpoint$SocketProcessor,doRun,1789
>> org.apache.tomcat.util.net.SocketProcessorBase,run,49
>> org.apache.tomcat.util.threads.ThreadPoolExecutor,runWorker,1191
>> org.apache.tomcat.util.threads.ThreadPoolExecutor$Worker,run,659
>> org.apache.tomcat.util.threads.TaskThread$WrappingRunnable,run,61
>> java.lang.Thread,run,750
>>
>> I have built a standalone client that makes the same connection, and it succeeds on the same server calling the same JVM:
>>
>> /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.352.b08-2.el8_6.x86_64/jre/bin/java
>>
>> I tried to extend SSL logging in Tomcat by adding -Djavax.net.debug=ssl to see any root cause, but to no avail.
>>
>> Here is how the Tomcat service is configured:
>>
>> [Service]
>> Type=forking
>> User=tomcat
>> Group=tomcat
>> Environment="JAVA_HOME=/usr/lib/jvm/jre"
>> Environment="JAVA_OPTS=-Djava.security.egd=file:///dev/urandom -Djavax.net.debug=ssl"
>> Environment="CATALINA_BASE=/opt/tomcat"
>> Environment="CATALINA_HOME=/opt/tomcat"
>> Environment="CATALINA_PID=/opt/tomcat/temp/tomcat.pid"
>> Environment="CATALINA_OPTS=-Xms512M -Xmx1024M -server -XX:+UseParallelGC"
>> ExecStart=/opt/tomcat/bin/startup.sh
>> ExecStop=/opt/tomcat/bin/shutdown.sh
>>
>> [Install]
>> WantedBy=multi-user.target
>>
>> Can someone out there give me any help?
--
Archimede Informatica processes personal data in accordance with EU Regulation no. 2016/679 (GDPR) and Legislative Decree no. 196 of 30 June 2003, as amended by Legislative Decree no. 101 of 10 August 2018.
Full privacy notice: <http://www.archicoop.it/fileadmin/pdf/InformativaTrattamentoDatiPersonali.pdf>

dott. Ivano Mario Luberti
Archimede Informatica società cooperativa a r. l.
Via Gereschi 36, 56127 Pisa
tel.: +39 050/580959 | fax: +39 050/8932061
web: www.archicoop.it
linkedin: www.linkedin.com/in/ivanoluberti
facebook: www.facebook.com/archimedeinformaticapisa/
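
One way to look for the difference between the two Java executions asked about above, as an added example that is not code from this thread: the NoSuchAlgorithmException for algorithm "Default" is only a wrapper around whatever failed while the default SSLContext was being built, so this probe prints the full cause chain together with the JSSE-related system and security properties each process actually sees. The class name DefaultSslContextProbe and the idea of calling report() from a test servlet are assumptions made for illustration.

```java
import java.security.Provider;
import java.security.Security;
import javax.net.ssl.SSLContext;

// Added diagnostic, not from the thread; the class name is hypothetical.
// Run main() with the standalone command line, call report() from a test
// servlet or JSP inside the web application, then diff the two outputs.
public class DefaultSslContextProbe {

    // System properties JSSE consults when it builds the default SSLContext.
    private static final String[] SYS_PROPS = {
        "java.home", "java.version", "java.security.properties",
        "javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType",
        "javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType",
        "https.protocols", "jdk.tls.client.protocols"
    };
    // Entries of the java.security file that affect the same code path.
    private static final String[] SEC_PROPS = {
        "keystore.type", "ssl.KeyManagerFactory.algorithm",
        "ssl.TrustManagerFactory.algorithm", "jdk.tls.disabledAlgorithms"
    };

    public static String report() {
        StringBuilder out = new StringBuilder();
        for (String p : SYS_PROPS) {
            out.append("sys ").append(p).append(" = ").append(System.getProperty(p)).append('\n');
        }
        // Report store passwords only as set/unset so the output can be shared.
        for (String p : new String[] {"javax.net.ssl.keyStorePassword", "javax.net.ssl.trustStorePassword"}) {
            out.append("sys ").append(p).append(System.getProperty(p) == null ? " unset" : " set").append('\n');
        }
        for (String p : SEC_PROPS) {
            out.append("sec ").append(p).append(" = ").append(Security.getProperty(p)).append('\n');
        }
        for (Provider prov : Security.getProviders()) {
            out.append("provider ").append(prov.getName()).append(' ').append(prov.getClass().getName()).append('\n');
        }
        try {
            SSLContext ctx = SSLContext.getDefault();
            out.append("default SSLContext OK, provider ").append(ctx.getProvider().getName()).append('\n');
        } catch (Exception e) {
            // The NoSuchAlgorithmException only wraps the real failure: walk the chain.
            for (Throwable t = e; t != null; t = t.getCause()) {
                out.append("caused by ").append(t).append('\n');
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        System.out.print(report());
    }
}
```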