SSL Protocol Error while calling my web service

Question

I have a Spring REST web service which internally calls a SOAP web service provided by a third party vendor. The SOAP web service client is generated using CXF. Since upgrading to a newer version of the JDK provided by my organization, I see the following strange behavior

1) If I call my REST service via the web server, after the first successful SOAP call, the application stops responding. The web server starts giving a Bad Gateway error.

a) At this point, if I call the app server, then it doesn't response. Chrome shows an SSL Protocol error, but no entry in the access log or any response in the chrome developer tools.

2) If I call my REST service directly on the app server, the service works as expected even after calling 'n' number of times.

As per the change log provided by my organization, the change is from JDK version jdk1.8.0_161_iaik5.5_ecc4.02 to jdk1.8.0_161_iaik5.5_ecc4.02_1.

Any pointers will help. Thank you. Please let me know if I should add any other details to the question.

Edit-- Added some additional logging which shows me a decode_error in the log

[2019-01-31T13:55:17.136-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=36 _ThreadName=http-thread-pool::http-listener-2(4)] [timeMillis: 1548960917136] [levelValue: 800] [[ http-thread-pool::http-listener-2(4), WRITE: TLSv1.2 Handshake, length = 3989]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ http-thread-pool::http-listener-2(5), READ: TLSv1.2 Alert, length = 2]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ http-thread-pool::http-listener-2(5)]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ , RECV TLSv1.2 ALERT: ]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ fatal, ]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ decode_error]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ http-thread-pool::http-listener-2(5), fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: decode_error]]

[2019-01-31T13:55:17.138-0500] [Payara 4.1] [INFO] [] [] [tid: _ThreadID=37 _ThreadName=http-thread-pool::http-listener-2(5)] [timeMillis: 1548960917138] [levelValue: 800] [[ http-thread-pool::http-listener-2(5), fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: decode_error]]

Answer 1

Please check the TLS version supported by your third party. I faced Received fatal alert: decode_error while connecting with apple cloud urls. I was able to fix it by explicitly setting the protocol as TLS 1.2.

I have give a sample in How to fix 'SSLHandshakeException: Received fatal alert: decode_error'?