发表新帖
发表新帖

Not able to connect to server through java code. Getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

后端 未结
关注
4 1073
暗喜
暗喜 2021-01-05 00:43

I am trying to build a Test Automation Tool for REST API on AWS using rest-assured framework. I just tried with a simple HTTP POST and checking the output J

相关标签:
4条回答
  • 庸人自扰
    2021-01-05 00:56

    I am new to rest-assured, but the java SSL problems like handshake_failure are usually the same:

    • Incompatible cipher suites: The client has to use a cipher suite enabled by the server
    • Incompatible versions of SSL/TLS: The client have to ensure that it uses a compatible version. For example the server might force TLS1.2 that is not enabled by default in java7
    • Incomplete trust path for the server certificate: the server certificate is probably not trusted by the client. Usually the fix is to import the server certificate chain in into the client trust store.
    • Bad server config, like certificate issued to a different domain or certificate chain incomplete. In the case the fix is on server part

    To detect the cause the following environment variable can be set to verbose the protocol details

    -Djavax.net.debug=ssl

    For your specific issue with SSL, take a look at rest assured ssl documentation https://github.com/rest-assured/rest-assured/wiki/Usage#ssl

    First you can try to disable usual https verification

    given().relaxedHTTPSValidation().when().get("https://some_server.com"). ..

    If it works, create a JKS truststore with the certificates of the server

    1)Download them from the server (click on browser green lock and download each one) 2) Create the JKS with keytool and import the trusted certificates. Follow the guide in rest-assured guide or use portecle 3) Configure truststore in JKS

    given().keystore("/pathToJksInClassPath", <password>). ..

    If you need client authentication ( I think no), check this post How to make HTTPS GET call with certificate in Rest-Assured java

    If nothing of this works for you, do not forget todebug the SSL connection with 

     -Djavax.net.debug=ssl

    Ensure that the algorithm of your server is supported by your client. For example if you use Java7, TLS1.2 is not enabled by default

    0 讨论(0)
  • -上瘾入骨i
    2021-01-05 01:01

    Try overriding the apache HTTP Client version--upgrading it to 4.5.3 in my pom.xml file fixed it for me.

    0 讨论(0)
  • 自闭症患者
    2021-01-05 01:01

    Two possible explanations:

    • Your local java security not able to trust the target. Import target public cert as trusted entry.

    • SSL version of target could be different from default outboud SSL version your JVM is choosing.

    0 讨论(0)
  • 悲&欢浪女
    2021-01-05 01:12

    You may need to install the Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files 8 from here

    0 讨论(0)
 看不清?
提交回复
热议问题