Login/Register
Local tomcat is not starting and not able to connect to Oracle RDS after updating RDS Server SSL to 1.2 from 1.0
Asked Answered
Solved ssltomcatamazon-rdstls1.2handshake
P

1

0

Local tomcat is not starting and it is failing when trying to creating bean that connects to Oracle DB. The error is java.sql.SQLRecoverableException: IO Error: Connection reset. The only change we made is, we used ojdbc8.jar dependency in Pom.xml earlier it has ojdbc6.jar. I am running the tomcat on jdk 1.8 library/java/javavirtualmachines/jdk1.8.0_162.jdk/Contents/home/jre/

We have imported the rds-ca-2019-root.der in to the cacerts file. library/java/javavirtualmachines/jdk1.8.0_162.jdk/Contents/home/jre/lib/security/cacerts

This is happening after updating the SSL_VERSION to 1.2 on Oracle 12.2.0.1 RDS server.

Here is the stacktrace.

org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'abcDB' defined in class path resource [applicationContext.xml]: Invocation of init method failed; nested exception is javax.naming.NamingException: Unexpected exception resolving reference [Root exception is java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)]
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1455)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:519)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getTypeForFactoryBean(AbstractBeanFactory.java:1355)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.getTypeForFactoryBean(AbstractAutowireCapableBeanFactory.java:710)
    at org.springframework.beans.factory.support.AbstractBeanFactory.isTypeMatch(AbstractBeanFactory.java:519)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:319)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.getBeanNamesForType(DefaultListableBeanFactory.java:298)
    at org.springframework.beans.factory.BeanFactoryUtils.beanNamesForTypeIncludingAncestors(BeanFactoryUtils.java:142)
    at org.springframework.orm.jpa.EntityManagerFactoryUtils.findEntityManagerFactory(EntityManagerFactoryUtils.java:97)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findNamedEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:511)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.findEntityManagerFactory(PersistenceAnnotationBeanPostProcessor.java:493)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.resolveEntityManager(PersistenceAnnotationBeanPostProcessor.java:657)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor$PersistenceElement.getResourceToInject(PersistenceAnnotationBeanPostProcessor.java:630)
    at org.springframework.beans.factory.annotation.InjectionMetadata$InjectedElement.inject(InjectionMetadata.java:150)
    at org.springframework.beans.factory.annotation.InjectionMetadata.inject(InjectionMetadata.java:87)
    at org.springframework.orm.jpa.support.PersistenceAnnotationBeanPostProcessor.postProcessPropertyValues(PersistenceAnnotationBeanPostProcessor.java:339)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.populateBean(AbstractAutowireCapableBeanFactory.java:1106)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.doCreateBean(AbstractAutowireCapableBeanFactory.java:517)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.createBean(AbstractAutowireCapableBeanFactory.java:456)
    at org.springframework.beans.factory.support.AbstractBeanFactory$1.getObject(AbstractBeanFactory.java:294)
    at org.springframework.beans.factory.support.DefaultSingletonBeanRegistry.getSingleton(DefaultSingletonBeanRegistry.java:225)
    at org.springframework.beans.factory.support.AbstractBeanFactory.doGetBean(AbstractBeanFactory.java:291)
    at org.springframework.beans.factory.support.AbstractBeanFactory.getBean(AbstractBeanFactory.java:193)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.findAutowireCandidates(DefaultListableBeanFactory.java:848)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.doResolveDependency(DefaultListableBeanFactory.java:790)
    at org.springframework.beans.factory.support.DefaultListableBeanFactory.resolveDependency(DefaultListableBeanFactory.java:707)
    at org.glassfish.jersey.server.spring.AutowiredInjectResolver.getBeanFromSpringContext(AutowiredInjectResolver.java:104)
    at org.glassfish.jersey.server.spring.AutowiredInjectResolver.resolve(AutowiredInjectResolver.java:96)
    at org.jvnet.hk2.internal.ClazzCreator.resolve(ClazzCreator.java:211)
    at org.jvnet.hk2.internal.ClazzCreator.resolveAllDependencies(ClazzCreator.java:234)
    at org.jvnet.hk2.internal.ClazzCreator.create(ClazzCreator.java:357)
    at org.jvnet.hk2.internal.SystemDescriptor.create(SystemDescriptor.java:471)
    at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:83)
    at org.jvnet.hk2.internal.SingletonContext$1.compute(SingletonContext.java:71)
    at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture$1.call(Cache.java:97)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at org.glassfish.hk2.utilities.cache.Cache$OriginThreadAwareFuture.run(Cache.java:154)
    at org.glassfish.hk2.utilities.cache.Cache.compute(Cache.java:199)
    at org.jvnet.hk2.internal.SingletonContext.findOrCreate(SingletonContext.java:122)
    at org.jvnet.hk2.internal.Utilities.createService(Utilities.java:2022)
    at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:114)
    at org.jvnet.hk2.internal.ServiceHandleImpl.getService(ServiceHandleImpl.java:88)
    at org.glassfish.jersey.internal.inject.Providers.getAllRankedProviders(Providers.java:247)
    at org.glassfish.jersey.server.ApplicationHandler.getProcessingProviders(ApplicationHandler.java:772)
    at org.glassfish.jersey.server.ApplicationHandler.initialize(ApplicationHandler.java:537)
    at org.glassfish.jersey.server.ApplicationHandler.access$500(ApplicationHandler.java:184)
    at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:350)
    at org.glassfish.jersey.server.ApplicationHandler$3.call(ApplicationHandler.java:347)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:315)
    at org.glassfish.jersey.internal.Errors.process(Errors.java:297)
    at org.glassfish.jersey.internal.Errors.processWithException(Errors.java:255)
    at org.glassfish.jersey.server.ApplicationHandler.<init>(ApplicationHandler.java:347)
    at org.glassfish.jersey.servlet.WebComponent.<init>(WebComponent.java:392)
    at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:177)
    at org.glassfish.jersey.servlet.ServletContainer.init(ServletContainer.java:369)
    at javax.servlet.GenericServlet.init(GenericServlet.java:158)
    at org.apache.catalina.core.StandardWrapper.initServlet(StandardWrapper.java:1144)
    at org.apache.catalina.core.StandardWrapper.loadServlet(StandardWrapper.java:1091)
    at org.apache.catalina.core.StandardWrapper.load(StandardWrapper.java:985)
    at org.apache.catalina.core.StandardContext.loadOnStartup(StandardContext.java:4875)
    at org.apache.catalina.core.StandardContext.startInternal(StandardContext.java:5189)
    at org.apache.catalina.util.LifecycleBase.start(LifecycleBase.java:183)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1412)
    at org.apache.catalina.core.ContainerBase$StartChild.call(ContainerBase.java:1402)
    at java.util.concurrent.FutureTask.run(FutureTask.java:266)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
    at java.lang.Thread.run(Thread.java:748)
Caused by: javax.naming.NamingException: Unexpected exception resolving reference [Root exception is java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)]
    at org.apache.naming.NamingContext.lookup(NamingContext.java:856)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:173)
    at org.apache.naming.factory.ResourceLinkFactory.getObjectInstance(ResourceLinkFactory.java:152)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:839)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:159)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:827)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:173)
    at org.apache.naming.SelectorContext.lookup(SelectorContext.java:163)
    at javax.naming.InitialContext.lookup(InitialContext.java:417)
    at org.springframework.jndi.JndiTemplate$1.doInContext(JndiTemplate.java:154)
    at org.springframework.jndi.JndiTemplate.execute(JndiTemplate.java:87)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:152)
    at org.springframework.jndi.JndiTemplate.lookup(JndiTemplate.java:178)
    at org.springframework.jndi.JndiLocatorSupport.lookup(JndiLocatorSupport.java:95)
    at org.springframework.jndi.JndiObjectLocator.lookup(JndiObjectLocator.java:105)
    at org.springframework.jndi.JndiObjectFactoryBean.lookupWithFallback(JndiObjectFactoryBean.java:201)
    at org.springframework.jndi.JndiObjectFactoryBean.afterPropertiesSet(JndiObjectFactoryBean.java:187)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.invokeInitMethods(AbstractAutowireCapableBeanFactory.java:1514)
    at org.springframework.beans.factory.support.AbstractAutowireCapableBeanFactory.initializeBean(AbstractAutowireCapableBeanFactory.java:1452)
    ... 71 more
Caused by: java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:666)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createDataSource(BasicDataSource.java:544)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.getLogWriter(BasicDataSource.java:1064)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.createDataSource(BasicDataSourceFactory.java:568)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSourceFactory.getObjectInstance(BasicDataSourceFactory.java:240)
    at org.apache.naming.factory.FactoryBase.getObjectInstance(FactoryBase.java:96)
    at javax.naming.spi.NamingManager.getObjectInstance(NamingManager.java:321)
    at org.apache.naming.NamingContext.lookup(NamingContext.java:839)
    ... 96 more
Caused by: java.sql.SQLRecoverableException: IO Error: Connection reset
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:467)
    at oracle.jdbc.driver.PhysicalConnection.<init>(PhysicalConnection.java:546)
    at oracle.jdbc.driver.T4CConnection.<init>(T4CConnection.java:236)
    at oracle.jdbc.driver.T4CDriverExtension.getConnection(T4CDriverExtension.java:32)
    at oracle.jdbc.driver.OracleDriver.connect(OracleDriver.java:521)
    at org.apache.tomcat.dbcp.dbcp2.DriverConnectionFactory.createConnection(DriverConnectionFactory.java:55)
    at org.apache.tomcat.dbcp.dbcp2.PoolableConnectionFactory.makeObject(PoolableConnectionFactory.java:357)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.validateConnectionFactory(BasicDataSource.java:113)
    at org.apache.tomcat.dbcp.dbcp2.BasicDataSource.createPoolableConnectionFactory(BasicDataSource.java:662)
    ... 103 more
Caused by: java.net.SocketException: Connection reset
    at java.net.SocketInputStream.read(SocketInputStream.java:210)
    at java.net.SocketInputStream.read(SocketInputStream.java:141)
    at sun.security.ssl.InputRecord.readFully(InputRecord.java:465)
    at sun.security.ssl.InputRecord.read(InputRecord.java:503)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:983)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:757)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:123)
    at oracle.net.ns.Packet.send(Packet.java:403)
    at oracle.net.ns.ConnectPacket.send(ConnectPacket.java:198)
    at oracle.net.ns.NSProtocol.connect(NSProtocol.java:293)
    at oracle.jdbc.driver.T4CConnection.connect(T4CConnection.java:1102)
    at oracle.jdbc.driver.T4CConnection.logon(T4CConnection.java:320)
    ... 111 more

Her is snippet from server.xml

<Resource auth="Container"
            driverClassName="oracle.jdbc.driver.OracleDriver" initialSize="10"
            jdbcInterceptors="org.apache.tomcat.jdbc.pool.interceptor.ConnectionState;org.apache.tomcat.jdbc.pool.interceptor.StatementFinalizer;org.apache.tomcat.jdbc.pool.interceptor.SlowQueryReportJmx(threshold=10000)"
            jmxEnabled="true" logAbandoned="true" maxActive="100" maxIdle="100"
            maxWaitMillis="10000" minEvictableIdleTimeMillis="30000" minIdle="10"
            name="jdbc/abcDB" password="abc"
            removeAbandonedOnMaintenance="true" removeAbandonedTimeout="7200"
            testOnBorrow="true" testOnReturn="false" testWhileIdle="true"
            timeBetweenEvictionRunsMillis="5000" type="javax.sql.DataSource"
            url="jdbc:oracle:thin:@(DESCRIPTION=(ADDRESS=(PROTOCOL=TCPS)(HOST=abc-dev.abc.us-east-1.rds.amazonaws.com)(PORT=2484))(CONNECT_DATA=(SERVICE_NAME=abc)))"
            username="abc" validationInterval="30000"
            validationQuery="SELECT 1 FROM DUAL" />

when I added the debug -Djavax.net.debug=all

I see this one in logs

RandomCookie:  GMT: 1614618626 bytes = { 97, 87, 237, 119, 129, 190, 112, 175, 246, 122, 149, 31, 204, 213, 84, 167, 116, 247, 182, 155, 162, 201, 216, 93, 78, 217, 52, 146 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=abc-dev.abc.us-east-1.rds.amazonaws.com]
***
[write] MD5 and SHA1 hashes:  len = 185
0000: 01 00 00 B5 03 01 60 3D   20 02 61 57 ED 77 81 BE  ......`= .aW.w..
0010: 70 AF F6 7A 95 1F CC D5   54 A7 74 F7 B6 9B A2 C9  p..z....T.t.....
0020: D8 5D 4E D9 34 92 00 00   2C C0 0A C0 14 00 35 C0  .]N.4...,.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........
0050: 16 00 13 00 FF 01 00 00   60 00 0A 00 16 00 14 00  ........`.......
0060: 17 00 18 00 19 00 09 00   0A 00 0B 00 0C 00 0D 00  ................
0070: 0E 00 16 00 0B 00 02 01   00 00 17 00 00 00 00 00  ................
0080: 38 00 36 00 00 33 73 68   6F 72 74 73 2D 64 65 76  8.6..abc-dev
0090: 2E 63 39 64 66 79 71 6A   6F 62 74 71 66 2E 75 73  .abc.us
00A0: 2D 65 61 73 74 2D 31 2E   72 64 73 2E 61 6D 61 7A  -east-1.rds.amaz
00B0: 6F 6E 61 77 73 2E 63 6F   6D                       onaws.com
localhost-startStop-1, WRITE: TLSv1 Handshake, length = 185
[write] MD5 and SHA1 hashes:  len = 122
0000: 01 03 01 00 51 00 00 00   20 00 C0 0A 07 00 C0 00  ....Q... .......
0010: C0 14 00 00 35 00 C0 05   00 C0 0F 00 00 39 00 00  ....5........9..
0020: 38 00 C0 09 06 00 40 00   C0 13 00 00 2F 00 C0 04  8.....@...../...
0030: 01 00 80 00 C0 0E 00 00   33 00 00 32 00 C0 08 00  ........3..2....
0040: C0 12 00 00 0A 07 00 C0   00 C0 03 02 00 80 00 C0  ................
0050: 0D 00 00 16 00 00 13 00   00 FF 60 3D 20 02 61 57  ..........`= .aW
0060: ED 77 81 BE 70 AF F6 7A   95 1F CC D5 54 A7 74 F7  .w..p..z....T.t.
0070: B6 9B A2 C9 D8 5D 4E D9   34 92                    .....]N.4.
localhost-startStop-1, WRITE: SSLv2 client hello message, length = 122
[Raw write]: length = 124
0000: 80 7A 01 03 01 00 51 00   00 00 20 00 C0 0A 07 00  .z....Q... .....
0010: C0 00 C0 14 00 00 35 00   C0 05 00 C0 0F 00 00 39  ......5........9
0020: 00 00 38 00 C0 09 06 00   40 00 C0 13 00 00 2F 00  ..8.....@...../.
0030: C0 04 01 00 80 00 C0 0E   00 00 33 00 00 32 00 C0  ..........3..2..
0040: 08 00 C0 12 00 00 0A 07   00 C0 00 C0 03 02 00 80  ................
0050: 00 C0 0D 00 00 16 00 00   13 00 00 FF 60 3D 20 02  ............`= .
0060: 61 57 ED 77 81 BE 70 AF   F6 7A 95 1F CC D5 54 A7  aW.w..p..z....T.
0070: 74 F7 B6 9B A2 C9 D8 5D   4E D9 34 92              t......]N.4.
localhost-startStop-1, handling exception: java.net.SocketException: Connection reset
localhost-startStop-1, SEND TLSv1.2 ALERT:  fatal, description = unexpected_message
localhost-startStop-1, WRITE: TLSv1.2 Alert, length = 2
localhost-startStop-1, Exception sending alert: java.net.SocketException: Broken pipe (Write failed)
localhost-startStop-1, called closeSocket()
localhost-startStop-1, called close()
localhost-startStop-1, called closeInternal(true)
Mar 01, 2021 12:10:26 PM org.apache.naming.NamingContext lookup
Mar 01, 2021 12:10:26 PM org.apache.naming.NamingContext lookup
WARNING: Unexpected exception resolving reference
java.sql.SQLException: Cannot create PoolableConnectionFactory (IO Error: Connection reset)

Any help is greatly appreciated.

Thank you

Prolongation answered 25/2, 2021 at 16:15 Comment(5)
Can you create a connection using DriverManager and the same database URL and credentials?Graybill
I have tested with the DriverManager, it was able to connect to DB. It is not working from tomcatProlongation
Have you looked at the Oracle log files during the Tomcat connection process?Prodigal
do you mean Oracle RDS log files?, if so what specific log should I look into?Prolongation
I have looked at the .trc file and .trm files on RDS but could not get anything.Prolongation
P
0

I was able to resolve this issue by updating the ojdbc6.jar to ojdbc8.jar in my local tomcat lib folder /Users/dev/apache-tomcat-8.5.60/lib

Thank you everyone

Prolongation answered 1/3, 2021 at 20:0 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.