
This content has been archived and is no longer being updated. Links may not function; however, this content may be relevant to outdated versions of the product.

Support Article

Node running on Java 7 is unable to connect to external URL

SA-83524

Summary

A Pega 7.1.5 monitored node running on Java 7 is unable to connect to the Pega Diagnostic Cloud (PDC) external URL.


Error Messages

(.httpclient.HttpMethodDirector)DEBUG - Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
apache.axis2.AxisFault: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
axis2.AxisFault.makeFault(AxisFault.java:430)
axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:78)
at priv.util.SOAPAppenderPega.sendEvent(SOAPAppenderPega.java:327)
at priv.util.SOAPAppenderPega._append(SOAPAppenderPega.java:278)
at priv.util.SOAPAppenderPega.append(SOAPAppenderPega.java:155)
at priv.util.SOAPAppenderPega.doAppend(SOAPAppenderPega.java:901)
at log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:66)
at log4j.AsyncAppender$Dispatcher.run(AsyncAppender.java:578)
at Thread.run(Thread.java:724)
Caused by:Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at BaseStreamWriter._finishDocument(BaseStreamWriter.java:1406)
at BaseStreamWriter.close(BaseStreamWriter.java:247)
at MTOMXMLStreamWriter.close(MTOMXMLStreamWriter.java:222)
at apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:192)
at axis2.transport.http.SOAPMessageFormatter.writeTo(SOAPMessageFormatter.java:74)
javax.net.ssl.SSLException:Connection has been shutdown:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1488)
at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70)
at flushBuffer(BufferedOutputStream.java:82)
at flush(BufferedOutputStream.java:140)
at ChunkedOutputStream.flush(ChunkedOutputStream.java:190)
at UTF8Writer.flush(UTF8Writer.java:103)
at BufferingXmlWriter.flush(BufferingXmlWriter.java:225)
at wstx.sw.BufferingXmlWriter.close(BufferingXmlWriter.java:198)
at wstx.sw.BaseStreamWriter._finishDocument(BaseStreamWriter.java:1404)
HandshakeException: Remote host closed connection during handshake
at ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(InputRecord.java:482)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:927)
... 37 more


Steps to Reproduce

  1. Configure Pega Diagnostic Cloud in an on-premise monitored node using the tenant URL provided
  2. Inspect the Pega Diagnostic Cloud System Connectivity for the connected systems. The newly defined node does not display
  3. Enable the SSL debug (-Djavax.net.debug=all) on the monitored node
  4. Enable the TLS v1.2 support (-Dhttps.protocols=TLSv1.2). SSLHandshakeException occurs in the logs


Root Cause



A defect or configuration issue in the operating environment. The SSLHandshakeExceptions are caused by the lack of TLS v1.2 support on Java 7. Pega Diagnostic Cloud allows connections using the TLS 1.2 protocol for security reasons. TLS 1.2 is supported on Java 7 but is not enabled out of the box.

The user enables it using the arguments below, but this is insufficient:

-Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

A TLSv1.2 SSLContext must be explicitly created and assigned as the default context.

Resolution



Upgrade to a Pega version which supports Java 8.

Alternatively, perform the following local change:
  1. Add the Java system properties below to the JAVA_OPTIONS environment variable:
    -Dhttps.protocols=TLSv1.2
    -Dhttps.cipherSuites=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256

     
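  2. Create a custom activity with a single Java step with the content below:
    try {
       oLog.infoForced("Creating a \"TLSv1.2\" SSLContext programmatically...");
       // Request a context that speaks TLS 1.2 instead of the Java 7 default.
       javax.net.ssl.SSLContext context = javax.net.ssl.SSLContext.getInstance("TLSv1.2");
       // null arguments select the JVM's default key managers, trust managers and SecureRandom.
       context.init(null,null,null);
       // Make this the context returned by SSLContext.getDefault() for the whole JVM.
       javax.net.ssl.SSLContext.setDefault(context);
       oLog.infoForced("\"TLSv1.2\" SSLContext successfully created.");
    } catch (Exception e) {
       oLog.fatal("Failed to create \"TLSv1.2\" SSLContext", e);
    }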

     
  3. Uncheck the Require authentication to run checkbox on the Activity's Security tab
  4. Create a custom agent to execute the activity with the Startup pattern, Advanced Execution Mode and a five-second interval in the Agent-Wide settings
  5. Restart the application server
  6. Verify the behaviour 
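
One way to check the effect of the default-context change outside Pega, as an added example that is not part of the original article or of Pega's code. The class name Tls12DefaultCheck and its report and handshake methods are assumptions made for this illustration; the three SSLContext calls are the ones from the Java step above.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.util.Arrays;

// Added example (hypothetical class, not Pega code): shows what the JVM's
// default SSLContext enables before and after a TLSv1.2 context is installed.
public class Tls12DefaultCheck {
    static final String SUITE = "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256";

    // Prints the protocol view of whatever context is currently the default.
    static void report(String label) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        System.out.println(label);
        System.out.println("  context protocol : " + ctx.getProtocol());
        System.out.println("  enabled protocols: " + Arrays.toString(enabled.getProtocols()));
        System.out.println("  TLSv1.2 supported: "
                + Arrays.asList(supported.getProtocols()).contains("TLSv1.2"));
        System.out.println("  TLSv1.2 enabled  : "
                + Arrays.asList(enabled.getProtocols()).contains("TLSv1.2"));
        System.out.println("  suite supported  : "
                + Arrays.asList(supported.getCipherSuites()).contains(SUITE));
    }

    // Optional live check against a host and port supplied by the operator.
    static void handshake(String host, int port) throws Exception {
        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            socket.startHandshake();
            System.out.println("negotiated " + socket.getSession().getProtocol()
                    + " / " + socket.getSession().getCipherSuite());
        } finally {
            socket.close();
        }
    }

    public static void main(String[] args) throws Exception {
        report("Before (JVM default context):");
        // Same three calls as the activity's Java step.
        SSLContext context = SSLContext.getInstance("TLSv1.2");
        context.init(null, null, null); // default key/trust managers stay in use
        SSLContext.setDefault(context);
        report("After SSLContext.setDefault(TLSv1.2):");
        if (args.length == 2) {
            handshake(args[0], Integer.parseInt(args[1]));
        }
    }
}
```

Run it with the same Java 7 runtime as the monitored node; pass a host and port as arguments to also see the protocol and cipher suite that a live handshake negotiates.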
Published October 18, 2019 - Updated October 8, 2020
