Results 1 to 4 of 4

Thread: Remote host closed connection during handshake

  1. #1
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    3

    Default [SOLVED]Remote host closed connection during handshake

    EDIT: This problem is cause if you install java to that machine. Just run yum remove java* and restart your services and the error will go away.

    Hello,

    I just installed ZCS open source 7.2.0 to a phisical machine, problem is that after I enabled ssl on it mailbox.log is being spammed with java ssl exceptions.

    Is there anything I did wrong, and is there anything I can do to fix them?

    Code:
    2012-04-27 11:38:39,818 ERROR [ImapSSLServer-4] [ip=censored;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:849)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
            at com.zimbra.cs.tcpserver.ProtocolHandler.startHandshake(ProtocolHandler.java:187)
            at com.zimbra.cs.tcpserver.ProtocolHandler.run(ProtocolHandler.java:135)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
            at java.lang.Thread.run(Thread.java:662)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
            at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
            ... 8 more
    2012-04-27 11:38:39,819 INFO  [ImapSSLServer-1] [] ProtocolHandler - Handler exiting normally
    Code:
    2012-04-27 11:38:39,825 ERROR [Pop3SSLServer-1] [ip=censored;] ProtocolHandler - Exception occurred while handling connection
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:849)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181)
            at com.zimbra.cs.tcpserver.ProtocolHandler.startHandshake(ProtocolHandler.java:187)
            at com.zimbra.cs.tcpserver.ProtocolHandler.run(ProtocolHandler.java:135)
            at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
            at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
            at java.lang.Thread.run(Thread.java:662)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
            at com.sun.net.ssl.internal.ssl.InputRecord.read(InputRecord.java:333)
            at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:830)
            ... 8 more
    2012-04-27 11:38:39,825 INFO  [ImapSSLServer-3] [] ProtocolHandler - Handler exiting normally
    These keep going on forever. I have a comericial ssl certificate installed and I can load the web ui using https with no certificate errors.

    I tried disabling the firewall, fixing permissions, rebooting.

    Any help please?

    Thank You,
    Paul Csiki.
    Last edited by Paul Csiki; 05-15-2012 at 08:15 AM. Reason: added solution

  2. #2
    liverpoolfcfan's Avatar
    liverpoolfcfan is offline Outstanding Member
    Join Date
    Oct 2009
    Location
    Dublin, IRELAND
    Posts
    712
    Rep Power
    6

    Default

    You could try to verify your certificate chain is complete using openssl

    on the zimbra box, as root

    Code:
     openssl s_client -showcerts  -connect your.server.name:25 -starttls smtp
    It should list out your complete certificate chain, and tell you what encryption levels you have.

    If it errors out - then there is likely a problem with your certificate trust chain.

    Note that when you connect from a browser - the Windows stored Root Certificates are used to validate the security chain. Quite often on linux distributions the pre-installed set of Root certificates is out of date. So your Certificate Authority root might be missing. When you try to validate from the linux command line - it has to use the locally available certificates to do the validation.

  3. #3
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    3

    Default

    Hello,

    Thank you for your reply. I executed the command and it printed out my certificate, the intermediary CA and the root CA certificates, the certificate chain is correct and the server certificate details match the ones I installed. No errors at all.

    I also tried checking if the ca-certificate package is installed and it already has the newest version.

    Also the date and time of the computer are correct so there shoudn't be any certificate problem at all. As I said I can browse to https://myserver.name with no certificate errors at all.

    Do you want me to copy and paste here the output of that command?

    Any other ideas?

    Thanks so much,
    Paul Csiki.

    EDIT: I can confirm that this happens with a self-signed certificate too. What am I doing wrong?
    Last edited by Paul Csiki; 04-30-2012 at 12:39 AM. Reason: added details

  4. #4
    Paul Csiki is offline Active Member
    Join Date
    Apr 2012
    Posts
    43
    Rep Power
    3

    Default

    As much as I hate bumping threads I really feel that this information changes the context of the question and may raise ideas.

    I disabled the ssl for both pop and imap and now I'm getting these errors:

    2012-04-30 11:07:26,555 INFO [ImapServer-1] [ip=censored;] ProtocolHandler - I/O error while processing connection: java.net.SocketException: Connection reset
    2012-04-30 11:07:26,555 INFO [ImapServer-1] [] ProtocolHandler - Handler exiting normally
    2012-04-30 11:07:26,569 INFO [LmtpServer-1] [ip=censored;] lmtp - disconnected without quit
    2012-04-30 11:07:26,569 INFO [LmtpServer-1] [] ProtocolHandler - Handler exiting normally
    2012-04-30 11:07:31,555 INFO [Pop3Server-1] [ip=censored;] pop - connected
    2012-04-30 11:07:31,555 INFO [Pop3Server-1] [ip=censored;] pop - disconnected without quit
    2012-04-30 11:07:31,556 INFO [Pop3Server-1] [] ProtocolHandler - Handler exiting normally
    2012-04-30 11:07:31,557 INFO [ImapServer-1] [] imap - [censored] connected
    2012-04-30 11:07:31,560 INFO [ImapServer-1] [] ProtocolHandler - Handler exiting normally
    2012-04-30 11:07:31,573 INFO [LmtpServer-1] [ip=censored;] lmtp - disconnected without quit
    2012-04-30 11:07:31,573 INFO [LmtpServer-1] [] ProtocolHandler - Handler exiting normally
    2012-04-30 11:07:36,552 INFO [Pop3Server-1] [ip=censored;] pop - connected
    2012-04-30 11:07:36,554 INFO [ImapServer-1] [] imap - [censored] connected
    2012-04-30 11:07:36,555 INFO [Pop3Server-1] [ip=censored;] ProtocolHandler - I/O error while processing connection: java.net.SocketException: Connection reset
    Edit: problem got fixed after a complete os reinstall. weird.

    Edit2: Problem keeps coming back and crashes ldap too. This is annoying.
    Last edited by Paul Csiki; 05-03-2012 at 03:13 AM.

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Similar Threads

  1. Daily Report Prob
    By ranjeet_azad in forum Administrators
    Replies: 0
    Last Post: 01-30-2012, 10:03 PM
  2. Remote host closed connection during handshake
    By zfault in forum Error Reports
    Replies: 0
    Last Post: 09-13-2011, 12:22 AM
  3. zmclamdctl is not running after upgrade
    By Darren in forum Installation
    Replies: 24
    Last Post: 10-10-2008, 09:10 AM
  4. Replies: 20
    Last Post: 03-18-2008, 05:37 AM
  5. Replies: 2
    Last Post: 02-12-2008, 11:55 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •