REQUEST:
Please can you add JsafeJCE cipher suite to the security provider list in
Lucee 4.5. This would bring Lucee 4.5 in line with Adobe ColdFusion 11.
ENVIRONMENT:
I am running Lucee 4.5 with IIS7 on Windows 2008R2.
ISSUE:
I am trying to use OAuth2 with
https://api.sandbox.paypal.com/v1/oauth2/token.
For many months it has been issuing tokens without any problems.
Then, PayPal upgraded their certificates and SSL ciphers requirement:
I have updated all my certificates using keytool to cacerts keystore. The
error persists.
So I believe this is not a certificate problem.
I believe it is a problem with the security provider list bundled with JRE.
It does not contain the required cipher suite.
Interestingly, I updated my local testing environment from Adobe ColdFusion
[ACF] 10 to ACF 11, and the problem disappeared.
I noticed that the security provider list is much more extensive in ACF11,
and includes a beefed up JsafeJCE cipher suite. JsafeJCE is the default
security provider in ACF11.
I am using Railo/Lucee on my production server. It is the most up to date
version of this application server.
I am getting the following error when trying to obtain a PayPal RESTful
API token on my production server:
Cause          string  javax.net.ssl.SSLHandshakeException
url            string  https://api.sandbox.paypal.com/v1/oauth2/token
Detail         string
ErrorCode      string  0
Extended_Info  string
ExtendedInfo   string
Message        string  Received fatal alert: handshake_failure
StackTrace     string  Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192):192
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154):154
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959):1959
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077):1077
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312):1312
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1339):1339
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1323):1323
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394):394
    at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353):353
    at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134):134
    at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353):353
    at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380):380
    at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236):236
    at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184):184
    at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88):88
    at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110):110
    at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184):184
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82):82
    at lucee.runtime.tag.Executor41.execute(Http41.java:1494):1494
    at lucee.runtime.tag.Executor41.run(Http41.java:1482):1482
https://groups.google.com/forum/#!msg/railo/b_2qteKb7k0/wy9K3zMgXqMJ
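
A way to inspect what the post asks about, as an added example that is not part of the original post or of Lucee: it lists the security providers, TLS protocol versions and cipher suites that a given JRE offers, and optionally attempts a handshake with a host passed as the first argument. The class name TlsCapabilityCheck is hypothetical; run it with the same JRE that the application server uses.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

// Added diagnostic (hypothetical class name, not Lucee code).
public class TlsCapabilityCheck {
    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // Registered security providers, in preference order.
        for (Provider p : Security.getProviders()) {
            System.out.println("provider: " + p.getName() + " - " + p.getInfo());
        }

        // What the default SSLContext offers in its ClientHello (enabled)
        // versus what it could offer if configured to (supported).
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        System.out.println("enabled protocols:   " + Arrays.toString(enabled.getProtocols()));
        System.out.println("supported protocols: " + Arrays.toString(supported.getProtocols()));
        for (String suite : enabled.getCipherSuites()) {
            System.out.println("enabled suite: " + suite);
        }

        // Optional: pass a host name to attempt a handshake with the JVM defaults
        // and report what was negotiated, or the alert that ended the handshake.
        if (args.length > 0) {
            try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[0], 443)) {
                s.startHandshake();
                System.out.println("negotiated: " + s.getSession().getProtocol()
                        + " / " + s.getSession().getCipherSuite());
            } catch (SSLException e) {
                System.out.println("handshake failed: " + e);
            }
        }
    }
}
```

Comparing the enabled protocols and suites with what the remote endpoint requires shows whether a handshake_failure alert comes from a protocol version or cipher suite mismatch rather than from the trust store. Starting the JVM with -Djavax.net.debug=ssl:handshake prints the ClientHello and the server's alert for the same comparison.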