Reading the OpenSSL output provided, the line "verify error:num=18:self-signed certificate" indicates an issue here.
Can you run the OpenSSL verify as per this SO thread: https://stackoverflow.com/questions/19726138/openssl-error-18-at-0-depth-lookupself-signed-certificate openssl verify -CAfile ca-cert.pem server-cert.pem client-cert.pem This may be an issue with the self signed cert construction (also ensure your local OpenSSL is up to date). --Jamie On Fri, Jan 3, 2025 at 7:40 AM Sivanagalakshmi Bandreddy <sbandre...@opentext.com.invalid> wrote: > > Hi Team, > > As suggested in below mail we tried with CXF 4.0.4 and issue still persists. > > He are the details : > JVM Vendor: Eclipse Adoptium > JVM Version: 17.0.10 > OS Name: Windows Server 2022 > OS Version: 10.0 > OS Architecture: amd64 > > To check SSL Handshake details used open ssl connect: openssl s_client > -connect <hostname>:<port> > Below data it gave > verify error:num=18:self-signed certificate > verify return:1 > depth=0 ST=CA, C=US, O=OpenText, OU=admin@localhost, > CN=mdd-newwin.lab.opentext.com > verify return:1 > 40320000:error:0A000126:SSL routines::unexpected eof while > reading:ssl/record/rec_layer_s3.c:687: > > Attaching CXF call stack during failure by enabling -Djavax.net.debug=all > > Please help us if you can get any insights on this issue. > > Thanks, > Lakshmi. > > -----Original Message----- > From: Jamie G. <jamie.goody...@gmail.com> > Sent: Thursday, January 2, 2025 6:35 PM > To: dev@cxf.apache.org > Subject: [EXTERNAL] - Re: Assistance Required: Intermittent SSL Communication > Issue Between CXF Versions 4.0.0 and 4.0.5 > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you recognize the sender and know the > content is safe. If you feel that the email is suspicious, please report it > using PhishAlarm. > > > In CXF 4.0.5 we updated a few test certs - this was in respect to IBM Semeru > & RedHat JDKs: > https://urldefense.com/v3/__https://issues.apache.org/jira/secure/ReleaseNote.jspa?projectId=12310511&version=12354390__;!!Obbck6kTJA!dV5pTfSnIXBDxuHz-4gZb7VQpfsh6cl876Qkxx4cUGIJyAYRvjUwUOrqxQSmMl_RNno7Vw-jKteBGpnseGAbhx2a3pI$ > > These should not have caused any particular issues for regular runtime. You > can test with CXF 4.0.4 to rule out those cert updates. > > Getting zero content I'd be looking into if the Hand Shake completed. > Which JVM Vendor/Version/ISA/OS is in use here? > > On the command line pass in the following parameters: > -Djavax.net.debug=all > > This will output a lot of tracing data, etc.
