Received fatal alert: handshake_failure through SSLHandshakeException

前端 未结 19 2202
暖寄归人
暖寄归人 2020-11-22 01:33

I have a problem with authorized SSL connection. I have created Struts Action that connects to external server with Client Authorized SSL certificate. In my Action I am tryi

相关标签:
19条回答
  • 2020-11-22 02:09

    In my case, the website just can use TLSv1.2. and i use apache httpclient 4.5.6, i use this code and install jce to solve this (JDK1.7):

    jce

    jdk7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

    jdk 8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html

    code:

    SSLContext sslContext = SSLContext.getDefault();
    
      SSLConnectionSocketFactory sslConnectionFactory = new SSLConnectionSocketFactory(
          sslContext,
          new String[]{"TLSv1.2"}, // important
          null,
          NoopHostnameVerifier.INSTANCE);
    
      Registry<ConnectionSocketFactory> registry = RegistryBuilder.<ConnectionSocketFactory>create()
          .register("https", sslConnectionFactory)
          .register("http", PlainConnectionSocketFactory.INSTANCE)
          .build();
    
      HttpClientConnectionManager ccm = new BasicHttpClientConnectionManager(registry);
      httpclient = HttpClientBuilder.create().
          .setSSLSocketFactory(sslConnectionFactory)
          .setConnectionManager(ccm)
          .build();
    
    0 讨论(0)
  • 2020-11-22 02:10

    I found an HTTPS server which failed in this way if my Java client process was configured with

    -Djsse.enableSNIExtension=false
    

    The connection failed with handshake_failure after the ServerHello had finished successfully but before the data stream started.

    There was no clear error message that identified the problem, the error just looked like

    main, READ: TLSv1.2 Alert, length = 2
    main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
    %% Invalidated:  [Session-3, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384]
    main, called closeSocket()
    main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    

    I isolated the issue by trying with and without the "-Djsse.enableSNIExtension=false" option

    0 讨论(0)
  • 2020-11-22 02:12

    Assuming you're using the proper SSL/TLS protocols, properly configured your keyStore and trustStore, and confirmed that there doesn't exist any issues with the certificates themselves, you may need to strengthen your security algorithms.

    As mentioned in Vineet's answer, one possible reason you receive this error is due to incompatible cipher suites being used. By updating my local_policy and US_export_policy jars in my JDK's security folder with the ones provided in the Java Cryptography Extension (JCE), I was able to complete the handshake successfully.

    0 讨论(0)
  • 2020-11-22 02:12

    Disclaimer : I am not aware if the answer will be helpful for many people,just sharing because it might .

    I was getting this error while using Parasoft SOATest to send request XML(SOAP) .

    The issue was that I had selected the wrong alias from the dropdown after adding the certificate and authenticating it.

    0 讨论(0)
  • 2020-11-22 02:13

    Installing Java Cryptography Extension (JCE) Unlimited Strength (for JDK7 | for JDK8) might fix this bug. Unzip the file and follow the readme to install it.

    0 讨论(0)
  • 2020-11-22 02:13

    Mine was a TLS version incompatible error.

    Previously it was TLSv1 I changed it TLSV1.2 this solved my problem.

    0 讨论(0)
提交回复
热议问题