Apache httpclient: get “Received fatal alert: protocol_version” sometimes

I need help!

I run application on CentOS 6 on Tomcat 8 using Java 8.

I configure TLSv1.2 in Apache httpclient (version 4) as the following:

HttpComponentsHttpInvokerRequestExecutor httpInvokerRequestExecutor = new HttpComponentsHttpInvokerRequestExecutor();  SSLContext sslcontext= SSLContexts.custom().loadTrustMaterial(null,             new TrustSelfSignedStrategy()).build();  // Allow TLSv1.2 protocol, use NoopHostnameVerifier to trust self-singed cert SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslcontext,         new String[] { "TLSv1" , "TLSv1.1", "TLSv1.2"  }, null, new NoopHostnameVerifier());   CloseableHttpClient httpClient = HttpClients.custom().             setSSLSocketFactory(sslsf).build(); httpInvokerRequestExecutor.setHttpClient(httpClient); 

I use the code above to connect to the server that may be configured with TLSv1 or TLSv1.2.

Unfortunately when the server is configured with TLSv1.2 I get sometimes the following exceptions: Received fatal alert: protocol_version.

It works most of the time but I want it will work always.

What is wrong?

What configuration I missed?

Is it load issue?

Added

What we discover during our test that in case of the exception the client start negotiation with TLSv1 and not use TLSv1.2.

What is wrong in our configuration?

Caused by: javax.net.ssl.SSLException: Received fatal alert: protocol_version         at sun.security.ssl.Alerts.getSSLException(Alerts.java:208) ~[?:1.8.0_71]         at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_71]         at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[?:1.8.0_71]         at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[?:1.8.0_71]         at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_71]         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_71]         at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_71]         at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) ~[httpclient-4.4.1.jar:4.4.1]         at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) ~[httpclient-4.4.1.jar:4.4.1]         at org.springframework.remoting.httpinvoker.HttpComponentsHttpInvokerRequestExecutor.executeHttpPost(HttpComponentsHttpInvokerRequestExecutor.java:312) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         at org.springframework.remoting.httpinvoker.HttpComponentsHttpInvokerRequestExecutor.doExecuteRequest(HttpComponentsHttpInvokerRequestExecutor.java:230) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         at org.springframework.remoting.httpinvoker.AbstractHttpInvokerRequestExecutor.executeRequest(AbstractHttpInvokerRequestExecutor.java:138) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.executeRequest(HttpInvokerClientInterceptor.java:194) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.executeRequest(HttpInvokerClientInterceptor.java:176) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         at org.springframework.remoting.httpinvoker.HttpInvokerClientInterceptor.invoke(HttpInvokerClientInterceptor.java:144) ~[spring-web-4.1.9.RELEASE.jar:4.1.9.RELEASE]         ... 27 more 

0 Answers

If You Enjoyed This, Take 5 Seconds To Share It

• Facebook
• Twitter
• Google+
• StumbleUpon
• Digg
• Delicious
• LinkedIn
• Reddit
• Technorati