I’m using Java 8, Netty 5 Alpha.
I added the certificates from Comodo to the keystore, and according to a test website suggested by my certificate provider they are installed correctly.
But if I try to connect using Firefox, Chrome, or curl, I get errors.
From curl -v I see that it gets the correct header, but then SSLv3, TLS alert, Server hello (2):.… This seems to correspond with debug messages from Java:
SEND TLSv1.2 ALERT: warning, description = close_notify WRITE: TLSv1.2 Alert, length = 32 fatal error: 80: Inbound closed before receiving peer's close_notify: possible truncation attack?
Firefox: SSL received a record that exceeded the maximum permissible length.
From openssl s_client -connect …:
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-DES-CBC3-SHA verify error:num=19:self signed certificate in certificate chain SSL handshake has read 5982 bytes and written 531 bytes
I’ve read elsewhere about NullPointerExceptions somewhere causing internal Java security stuff to fail. But there’s no clear solutions.