Okay, so I worked on this for a while trying to figure it out. I have JMX monitoring running from one client to the server, but not from another client to the server. For me, the only difference, apparently, is that it is RHEL6, another RHEL7. It works with RHEL6.
So, here is the corresponding code when getting MBeanServerConnection:
env.put(JMXConnector.CREDENTIALS, credentials); env.put(RMIConnectorServer.RMI_SERVER_SOCKET_FACTORY_ATTRIBUTE , new SslRMIServerSocketFactory()); url = new JMXServiceURL( "service:jmx:rmi:///jndi/rmi://123.123.123.123:1234/jmxrmi"); jmxc = JMXConnectorFactory.connect(url, env); mbsc = jmxc.getMBeanServerConnection();
I am compiling with identical versions of jdk1.8.0_51 locally in /opt on both machines. Created key stores and trusted stores were created on RHEL7, where it only works with RHEL6. I set these properties at runtime (formatted for reading):
/opt/java/jdk1.8.0_51/bin/java -cp . -Djavax.net.ssl.keyStore=/path/to/keyStore.key -Djavax.net.ssl.keyStorePassword=keypassword -Djavax.net.ssl.trustStore=/path/to/trustStore.key -Djavax.net.ssl.trustStorePassword=trustpassword -Djavax.net.debug=all MonitoringProgram
So what happens is that from my RHEL7 machine and debugging, I get a lot of output and then freezes after this last output:
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
When I need to kill a program or wait for a very long timeout. Now the same debugging program has the same thing (I compared them with diff ) until then, but continues instead of freezing:
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Allow unsafe renegotiation: false Allow legacy hello messages: true ...
With a lot of output due to debug = all and with my expected result (for now, we're just trying to get the mbean server domains).
So what could be causing this difference? The worst part is that the connection just hangs and does not throw me an exception that I could debug. I tried to recreate the repository several times, but I donβt think it is anymore. I thought it might be due to inaccessible cipher suites, but the working instance has the same inaccessible cipher suites before installing this cipher TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 : TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 with TLSv1.2. Remember that it has the same result until it freezes, so I'm not sure if the debugging tool will allow me to completely solve this problem.
Any ideas or input are welcome.
Edit: I am adding a stacktrace connection timeout, should have added this first. Still working on a solution.
java.rmi.ConnectException: Connection refused to host: 123.123.123.123; nested exception is: java.net.ConnectException: Connection timed out at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:619) at sun.rmi.transport.tcp.TCPChannel.createConnection(TCPChannel.java:216) at sun.rmi.transport.tcp.TCPChannel.newConnection(TCPChannel.java:202) at sun.rmi.server.UnicastRef.invoke(UnicastRef.java:130) at javax.management.remote.rmi.RMIServerImpl_Stub.newClient(Unknown Source) at javax.management.remote.rmi.RMIConnector.getConnection(RMIConnector.java:2432) at javax.management.remote.rmi.RMIConnector.connect(RMIConnector.java:308) at javax.management.remote.JMXConnectorFactory.connect(JMXConnectorFactory.java:270) at MonitoringProgram.getMBeanServerConnection(MonitoringProgram.java:173) at MonitoringProgram.main(MonitoringProgram.java:208) Caused by: java.net.ConnectException: Connection timed out at java.net.PlainSocketImpl.socketConnect(Native Method) at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345) at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206) at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188) at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392) at java.net.Socket.connect(Socket.java:589) at sun.security.ssl.SSLSocketImpl.connect(SSLSocketImpl.java:668) at sun.security.ssl.SSLSocketImpl.<init>(SSLSocketImpl.java:427) at sun.security.ssl.SSLSocketFactoryImpl.createSocket(SSLSocketFactoryImpl.java:88) at javax.rmi.ssl.SslRMIClientSocketFactory.createSocket(SslRMIClientSocketFactory.java:121) at sun.rmi.transport.tcp.TCPEndpoint.newSocket(TCPEndpoint.java:613) ... 9 more Error: Connection refused