Current situation. There are 2 nodes on the same internal network (let's call them Bus and Broker). The internal CA has signed a request made 2 weeks ago. This signed certificate has been inserted correctly into the Broker's "keystore" as well as the Bus's "truststore". It has been verified that both nodes' software uses the appropriate stores.
When trying to set up a secure connection using JMS (or AMQP), the Bus's output is as follows:
TID: [] [] [2021-06-16 11:47:08,949] ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} - Exception caught by Mina {org.wso2.andes.transport.network.mina.MinaNetworkHandler}
javax.net.ssl.SSLException: Improper close state: Status = OK HandshakeStatus = NEED_WRAP
The error on the broker side is:
ERROR {org.wso2.andes.transport.network.mina.MinaNetworkHandler} - Exception caught by Mina but without protocol engine to handle it
java.lang.NullPointerException
Things we've excluded so far:
The verification of the certificates using openssl tooling was also done. The MD5 hashes of the CRT/Key/CSR all match.
Any hint/clue is appreciated.
So with the help of support, we figured it out. If not explicitly mentioned in the broker configuration for the broker profile, the broker will fall back to TLS 1.0. In Java version 1.8.0_292, TLS 1 and 1.1 have been deprecated, resulting in an illegal protocol for communication.
It was solved by adding the following line to the broker config:
<sslEnabledProtocols>TLSv1.2</sslEnabledProtocols>
Add this in the sslConnection tag under broker.xml.
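A pre-upgrade check for the mismatch described in this answer, as an added example that is not part of the original post or WSO2's own code: it compares each broker `sslConnection` against the protocols the JVM lists in `jdk.tls.disabledAlgorithms`. The `java.security` excerpt, the `<broker>` wrapper element and the comma-separated handling of `sslEnabledProtocols` are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample of the relevant java.security entry (with a continuation line).
JAVA_SECURITY = """\
# constructed sample
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \\
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

# Constructed broker.xml fragments; only sslConnection and sslEnabledProtocols
# are taken from the post, the <broker> wrapper is a placeholder.
BROKER_BEFORE = "<broker><sslConnection/></broker>"
BROKER_AFTER = ("<broker><sslConnection><sslEnabledProtocols>TLSv1.2"
                "</sslEnabledProtocols></sslConnection></broker>")

FALLBACK = "TLSv1"  # per the post: with no explicit setting the broker uses TLS 1.0


def disabled_protocols(java_security_text):
    """Return the protocol names listed in jdk.tls.disabledAlgorithms."""
    joined = re.sub(r"\\\r?\n\s*", "", java_security_text)  # fold continuation lines
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "jdk.tls.disabledAlgorithms":
            items = [v.strip() for v in value.split(",")]
            return {v for v in items if re.fullmatch(r"SSLv\d|TLSv\d(\.\d)?", v)}
    return set()


def audit_broker(broker_xml, disabled):
    """Return one finding per sslConnection whose protocols the JVM all rejects."""
    findings = []
    for conn in ET.fromstring(broker_xml).iter("sslConnection"):
        node = conn.find("sslEnabledProtocols")
        if node is None or not (node.text or "").strip():
            protocols, source = [FALLBACK], "fallback"
        else:  # assumption: several protocols would be comma-separated
            protocols, source = [p.strip() for p in node.text.split(",")], "configured"
        if not [p for p in protocols if p not in disabled]:
            findings.append(f"{source} protocols {protocols} are all disabled in the JVM")
    return findings


if __name__ == "__main__":
    off = disabled_protocols(JAVA_SECURITY)
    print("before:", audit_broker(BROKER_BEFORE, off))
    print("after: ", audit_broker(BROKER_AFTER, off))
```

Running the check against the real `java.security` of the target JRE before a Java update shows whether a handshake failure like the one above is to be expected.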