发表新帖
发表新帖

Received fatal alert: handshake_failure through SSLHandshakeException

前端 未结
关注
19 2172
暖寄归人
暖寄归人 2020-11-22 01:33

I have a problem with authorized SSL connection. I have created Struts Action that connects to external server with Client Authorized SSL certificate. In my Action I am tryi

相关标签:
19条回答
  • 渐次进展
    2020-11-22 02:09

    In my case, the website just can use TLSv1.2. and i use apache httpclient 4.5.6, i use this code and install jce to solve this (JDK1.7):

    jce

    jdk7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    jdk 8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    code:

    SSLContext sslContext = SSLContext.getDefault();

  SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
      sslContext,
      new String[]{"TLSv1.2"}, // important
      null,
      NoopHostnameVerifier.INSTANCE);

  Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
      .register("https", sslConnectionFactory)
      .register("http", PlainConnectionSocketFactory.INSTANCE)
      .build();

  HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
  httpclient = HttpClientBuilder.create().
      .setSSLSocketFactory(sslConnectionFactory)
      .setConnectionManager(ccm)
      .build();
    0 讨论(0)
  • 予麋鹿
    2020-11-22 02:10

    I found an HTTPS server which failed in this way if my Java client process was configured with

    -Djsse.enableSNIExtension=false

    The connection failed with handshake_failure after the ServerHello had finished successfully but before the data stream started.

    There was no clear error message that identified the problem, the error just looked like

    main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
%% Invalidated:  [Session-3, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

    I isolated the issue by trying with and without the "-Djsse.enableSNIExtension=false" option

    0 讨论(0)
  • 死守一世寂寞
    2020-11-22 02:12

    Assuming you're using the proper SSL/TLS protocols, properly configured your keyStore and trustStore, and confirmed that there doesn't exist any issues with the certificates themselves, you may need to strengthen your security algorithms.

    As mentioned in Vineet's answer, one possible reason you receive this error is due to incompatible cipher suites being used. By updating my local_policy and US_export_policy jars in my JDK's security folder with the ones provided in the Java Cryptography Extension (JCE), I was able to complete the handshake successfully.

    0 讨论(0)
  • 天涯浪人
    2020-11-22 02:12

    Disclaimer : I am not aware if the answer will be helpful for many people,just sharing because it might .

    I was getting this error while using Parasoft SOATest to send request XML(SOAP) .

    The issue was that I had selected the wrong alias from the dropdown after adding the certificate and authenticating it.

    0 讨论(0)
  • 忘掉有多难
    2020-11-22 02:13

    Installing Java Cryptography Extension (JCE) Unlimited Strength (for JDK7 | for JDK8) might fix this bug. Unzip the file and follow the readme to install it.

    0 讨论(0)
  • 面向向阳花
    2020-11-22 02:13

    Mine was a TLS version incompatible error.

    Previously it was TLSv1 I changed it TLSV1.2 this solved my problem.

    0 讨论(0)
 看不清?
提交回复
热议问题