Hi Matt,
first could you send the entire Exception? The Deployment exception is just a wrapper and its cause should tell as more.
If the exception stack trace does not clarify the problem, you can run your client with -Djavax.net.debug=all and it will print a detailed SSL debug output. This output might tell you what went wrong. If it does not, post it here and I will have a look at it (Just make sure it does not contain any information you don't want us to see ;) ).
You can refer to Tyrus documentation where it is shown how o configure ssl on the client:
https://tyrus.java.net/documentation/1.9/user-guide.html#d0e1128
The link shows how to use the ClientProperties.SSL_ENGINE_CONFIGURATOR and classes SslContextConfigurator and SslEngineConfigurator to configure SSL. You should not use WLS_SSL_PROTOCOLS_PROPERTY, it is an internal API and therefore it is not documented.
About how to configure protocols. This page contains the standard names of protocols and cipher suites:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#jssenames
Those are the names that are expected in SslEngineConfigurator methods parameters.
Here is a modified sample from the documentation that configures Tyrus client to use SSL TLS 1 and TLS 1.1 and also prints the result and the information which protocols are supported on your platform:
final ClientManager client = createClient();
final SslContextConfigurator defaultConfig = new SslContextConfigurator();
defaultConfig.retrieve(System.getProperties());
// or setup SSLContextConfigurator using its API.
SslEngineConfigurator sslEngineConfigurator =
new SslEngineConfigurator(defaultConfig, true, false, false);
sslEngineConfigurator.setEnabledProtocols(new String[]{"TLSv1", "TLSv1.1"});
// the specified protocols must be supported by the platform, so just to check:
SSLEngine sslEngine = sslEngineConfigurator.createSSLEngine("whatever");
System.out.println("Suported: ");
for (String s : sslEngine.getSupportedProtocols()) {
System.out.println(s);
}
System.out.println("Enabled: ");
for (String s : sslEngine.getEnabledProtocols()) {
System.out.println(s);
}
client.getProperties().put(ClientProperties.SSL_ENGINE_CONFIGURATOR,
sslEngineConfigurator);
Hope this will help.
Petr
On Jan 17, 2015, at 12:43 AM, Matthew Mah wrote:
> Could you please elaborate on how this can be done?
>
> From the documentation,
> https://tyrus.java.net/apidocs/1.9/org/glassfish/tyrus/client/ClientManager.htm
>
> I am not sure whether to set WLS_SSL_PROTOCOLS_PROPERTY or the ClientProperties.SSL_ENGINE_CONFIGURATOR. It is also not apparent what String or array of Strings to use.
>
> https://tyrus.java.net/apidocs/1.9/org/glassfish/tyrus/client/SslEngineConfigurator.html#setEnabledProtocols(java.lang.String[])
>
> Thanks,
> Matt
>
> On 01/16/2015 05:59 PM, Salatiel Filho wrote:
>> Try disable tlsv1.2 And check if it works.
>>
>> On Jan 16, 2015 5:04 PM, "Matthew Mah" <matthew.y.mah_at_gmail.com> wrote:
>> I am encountering problems connecting Android 5.0 using the tyrus websocket to either nginx or tomcat servers using a secure websocket.
>>
>> javax.websocket.DeploymentException: SSL handshake has failed
>>
>> The code works fine for Android 4.4 , so I think this is related to the SSL changes in Android 5.0:
>> http://developer.android.com/about/versions/android-5.0-changes.html#ssl
>>
>> Is there a way I can tell what exactly is failing? I am not sure whether its a problem with the certificate or with the TLS protocol or the cipher suites available.
>>
>> Thanks,
>> Matt
>