SSL connection failing for Java 7

Question

I am attempting to create an SSL connection to a remote server using Java 7 and I\'m receiving the following exception:

javax.net.ssl.SSLHandshakeException:          


        

Answer 1

From a glance at your server configuration (https://www.ssllabs.com/ssltest/analyze.html?d=login.solon.com) compared to your list of available cipher suites in Java7, it appears you have only two accepted options for your cipher suite:

TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA

Now, TLS_DHE_RSA_WITH_AES_128_CBC_SHA is considered weak, but since your server declares no preference for order, it may be picking this and then failing the handshake. For Java6, it's entirely possible it just happens to be picking a stronger suite. The more options you give it, the more chances you have of giving it a chance to pick a weak cipher, so when you specify a single suite to use, it succeeds. (Although in looking at your server configuration, I'm not sure how you were getting SSL_RSA_WITH_RC4_128_MD5 to succeed as it is apparently not supported.) On that train of thought, perhaps you should try limiting your cipher suites to only:

TLS_RSA_WITH_AES_128_CBC_SHA

Or more specifically:

sslsocket.setEnabledCipherSuites(new String[] {"TLS_RSA_WITH_AES_128_CBC_SHA"});