javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake in R12

Dear Erman,

Our apps version R12.2.5
OS redhat linux 7
db version 12.1.0.2

We have written a java code using which we are sending SMS by connecting to vendor https url,But failed to send SMS

SQL> select apps.sendurl2('91988601053','hi') from dual;

APPS.SENDURL2('6304601053','HI')
--------------------------------------------------------------------------------
Message Failed!0


When we enabled trace,we found the below error in logs

Exception cought:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Can you please help us

Thanks You

It seems you are doing it from the database.
Did you check this note? -> "javax.net.ssl.SSLHandshakeException: Remote Host Closed Connection During Handshake" After PSU (July 2018) On Database (Doc ID 2530270.1)

Thanks for the update.Yes erman,we are doing it from database node.we are compiling the code and uploading it to database,and then we are calling that function from sqlplus.

Do we need to install any certificates from vendors https url in database node?pls suggest

Thank you

Yes you need to. You also need to configure the necessary ACLs to make the database let you do those http calls.
Normally you should put the necessary certificate in your wallet and your code should open the wallet and use that certificate to make its http calls to the related server. The necessary ACL configuration should also be made.

Thank you.
We are not using utl_http package here, is it still required to follow the suggested process?

What do you use? What is the code?
In any case, if you are communicating through SSL, you need to make those certificates available to your code. With PLSQL , you put them into the wallet and you open it before making ssl calls.
For java, you use keystores.. etc..

Dear Erman,

Thanks for the update.This is the code

import java.io.BufferedReader;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.net.HttpURLConnection;
import javax.net.ssl.HttpsURLConnection;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Date;
//1124581
import java.sql.*;
//1124581

public class xxx_SendSMS
{
public static String sendURL(String Number, String Message)
{
int responseCode = 0;
HttpsURLConnection conn = null;
    try {

System.out.println("STARTED");
   URL url = new URL("https://example.in/failsafe/HttpLink?username=exampl_user&pin=example_pin&message="+Message+"&mnumber=91"+Number+"&signature=example_signature");
conn = (HttpsURLConnection)url.openConnection();
conn.setRequestMethod("GET");
conn.setDoOutput(true);
conn.setDoInput(true);
conn.setUseCaches(false);
conn.connect();
responseCode =conn.getResponseCode();
BufferedReader rd = new BufferedReader(new InputStreamReader(conn.getInputStream()));
String line;
StringBuffer buffer = new StringBuffer();
while ((line = rd.readLine()) != null)
{
buffer.append(line).append("\n");
}
System.out.println(buffer.toString()+"Response Code"+responseCode);
rd.close();
conn.disconnect();
    }
catch (Exception ex) {
System.out.println("Exception cought:\n" + ex.toString());
}
if(responseCode==200)
{
return "Message Success!"+responseCode;
}
else
{
return "Message Failed!"+responseCode;
}
}
}
xxx_SendSMS_Updated.txt

We are compiling this java to class file and loading to database.

$ORACLE_HOME/bin/loadjava -r -f -o -user apps/password xxx_SendSMS.class

Thanks

Steps followed:

downloaded root top.cer and intermediate middle.cer an copied to below folder

[applsupp@erpsupport Sindhu]$ cp top.cer middle.cer $OA_JRE_TOP/lib/security/


imported:

[applsupp@erpsupport security]$ keytool -import -alias top -file top.cer -trustcacerts -v -keystore cacerts
Enter keystore password:
Owner: CN=DST Root CA X3, O=Digital Signature Trust Co.
Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
Serial number: 44afb080d6a327ba893039862ef8406b
Valid from: Sun Oct 01 02:42:19 IST 2000 until: Thu Sep 30 19:31:15 IST 2021
Certificate fingerprints:
         MD5:  41:03:52:DC:0F:F7:50:1B:16:F0:02:8E:BA:6F:45:C5
         SHA1: DA:C9:02:4F:54:D8:F6:DF:94:93:5F:B1:73:26:38:CA:6A:D7:7C:13
         SHA256: 06:87:26:03:31:A7:24:03:D9:09:F1:05:E6:9B:CF:0D:32:E1:BD:24:93:FF:C6:D9:20:6D:11:BC:D6:77:07:39
         Signature algorithm name: SHA1withRSA
         Version: 3

Extensions:

#1: ObjectId: 2.5.29.19 Criticality=true
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

#2: ObjectId: 2.5.29.15 Criticality=true
KeyUsage [
  Key_CertSign
  Crl_Sign
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: C4 A7 B1 A4 7B 2C 71 FA   DB E1 4B 90 75 FF C4 15  .....,q...K.u...
0010: 60 85 89 10                                        `...
]
]

Trust this certificate? [no]:  yes
Certificate was added to keystore
[Storing cacerts]

[applsupp@erpsupport security]$ keytool -import -alias middle -file middle.cer -trustcacerts -v -keystore cacerts
Enter keystore password:
Certificate was added to keystore
[Storing cacerts]
[applsupp@erpsupport security]$

Facing same error.please suggest if our steps are wrong

1)What is the version of java that is executing this code?
2)Send me the full stack trace ..At least,  I need to see the line starting with "Caused by:" ...
3)How do you execute it? What kind of JVM do you use? This may be related with the SSL/TLS protocol mismatch.. Did you try runnin the JVM using -Dhttps.protocols=TLSv1.1,TLSv1.2?
4)Did you try using System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2") just before opening connection in the code?
5)You are using the correct Url and port to reach the remote server right? Wrong port may also cause this.
6)You have put your certificate in correct keystore right? You may try pointing that location to your JVM using -Djavax.net.ssl.trustStore=<correct_location>/cacerts