Javax.net.ssl.SSLException: получено close_notify во время ошибки установления связи при отправке запроса от Apache Tomc ⇐ JAVA

[Anonymous]

Я перенес свой веб-сайт с очень старого сервера на новый сервер, поддерживающий SSL, и обновил Apache Tomcat 6 до Apache Tomcat 9.0.54. Теперь, когда код, работающий на моем сервере, пытается отправить запрос на сервер точки доверия (доверенный сайт проверки), используя этот код
try
{
HttpClient httpclient = new DefaultHttpClient();

this.order=order;
String dataForHmac = MERCHANT_ID + order.getOrderId() + order.getCustomerEmail();
String calculatedHmac = base64sha256(dataForHmac, SECRET_KEY);
order.setHmac(calculatedHmac);
order.setKey(API_KEY);

Gson gson = new GsonBuilder().setFieldNamingPolicy(FieldNamingPolicy.LOWER_CASE_WITH_UNDERSCORES).setPrettyPrinting().create();
System.out.println(gson.toJson(order));

String jsonData = gson.toJson(order);

url = new URL("https://trustspot.io/api/pub/new_order_product");
httpMethod = new HttpPost(url.toExternalForm());
httpMethod.addHeader("Content-Type", "application/json");
StringEntity se = new StringEntity(jsonData);
httpMethod.setEntity(se);
HttpResponse httpResponse = httpclient.execute(httpMethod);
InputStreamReader is = new InputStreamReader(httpResponse.getEntity().getContent());
BufferedReader rd;
rd = new BufferedReader(is);

String line = "";
while ((line = rd.readLine()) != null)
{
System.out.println(line);
}
}
catch(Exception ex)
{
StringWriter messageBody = new StringWriter();
PrintWriter pw = new PrintWriter(messageBody);
ex.printStackTrace(pw);
Email.sendAlert("Unable to send trustpot review request:"+ order.getCustomerEmail(), messageBody.toString());
}

Я понимаю
javax.net.ssl.SSLException: Received close_notify during handshake

Как это решить?
javax.net.ssl.SSLException: Received close_notify during handshake
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1959)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1911)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2012)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1135)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1385)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1413)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1397)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553)
at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412)
at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179)
at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328)
at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447)
at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107)
at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55)
at com.jthink.store.trustspot.TrustSpotProductRequest.sendRequest(TrustSpotProductRequest.java:68)
at com.jthink.store.googleprocess.AbstractCreateAndSendLicense.requestReview(AbstractCreateAndSendLicense.java:306)
at com.jthink.store.googleprocess.CreateAndSendSongKongLicense.createAndSendLicense(CreateAndSendSongKongLicense.java:120)
at com.jthink.store.action.VerifyPaymentEJunkie.processEachItem(VerifyPaymentEJunkie.java:169)
at com.jthink.store.action.VerifyPaymentEJunkie.handleRequest(VerifyPaymentEJunkie.java:82)
at com.jthink.store.JThinkStoreServlet.doGet(JThinkStoreServlet.java:45)
at com.jthink.store.JThinkStoreServlet.doPost(JThinkStoreServlet.java:32)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:681)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:764)

Я использую Java 1.8.0_161-b12
Пытался перезапустить Tomcat после установки -Dhttps.protocols=TLSv1 и -Dhttps.protocols=TLSv1.1, TLSv1.2, но безрезультатно
Обновить
добавил main() в class, так что теперь я могу запустить тест на машине за пределами Tomcat, и он завершится точно так же
java -classpath classes:lib/* com.jthink.store.trustspot.TrustSpotProductRequest -Dhttps.protocols=TLSv1

выдает то же исключение
javax.net.ssl.SSLException: Received close_notify during handshake

выполнение того же кода на моем компьютере работает нормально.
Обновление 2
С -Djavax.net.debug=ssl:handshake
trigger seeding of SecureRandom
done seeding SecureRandom
main, setSoTimeout(0) called
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: GMT: 1621095199 bytes = { 214, 189, 173, 184, 228, 255, 156, 82, 153, 122, 143, 245, 185, 144, 166, 172, 32, 10, 144, 123, 158, 248, 38, 4, 84, 67, 13, 79 }
Session ID: {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=trustspot.io]
***
main, WRITE: TLSv1.2 Handshake, length = 146
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: warning, close_notify
main, SEND TLSv1.2 ALERT: fatal, description = unexpected_message
main, WRITE: TLSv1.2 Alert, length = 2
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received close_notify during handshake
main, called close()
main, called closeInternal(true)

На моем компьютере разница, которую я вижу, заключается в том, что он также имеет расширение elliptic_curves и расширение ec_point_formats, они мне нужны?
Кроме того, длина рукопожатия отличается.
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension server_name, server_name: [type=host_name (0), value=trustspot.io]
***
main, WRITE: TLSv1.2 Handshake, length = 214
main, READ: TLSv1.2 Handshake, length = 91


Подробнее здесь: https://stackoverflow.com/questions/701 ... or-when-se