java - Thread-6, RECV TLSv1 ALERT: fatal, handshake_failure
What is wrong with this code? It is supposed to trust all hosts, but it doesn't.
It works fine with, for example, google.com, but not with an API gateway service running locally on my machine. Why?
SSL debug output:

    trigger seeding of SecureRandom
    done seeding SecureRandom
    Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
    ...
    Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
    Allow unsafe renegotiation: false
    Allow legacy hello messages: true
    Is initial handshake: true
    Is secure renegotiation: false
    Thread-6, setSoTimeout(0) called
    %% No cached client session
    *** ClientHello, TLSv1
    RandomCookie:  GMT: 1434280256 bytes = { 216 ... 40 }
    Session ID:  {}
    Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, ...., SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
    Compression Methods:  { 0 }
    Extension elliptic_curves, curve names: {secp256r1 .. secp256k1}
    Extension ec_point_formats, formats: [uncompressed]
    Thread-6, WRITE: TLSv1 Handshake, length = 163
    Thread-6, READ: TLSv1 Alert, length = 2
    Thread-6, RECV TLSv1 ALERT:  fatal, handshake_failure
    Thread-6, called closeSocket()
    Thread-6, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
The code (a Groovy script; the trust manager is built with Groovy's map-to-interface coercion):

    import java.io.InputStreamReader;
    import java.io.Reader;
    import java.net.URL;
    import java.net.URLConnection;
    import javax.net.ssl.HostnameVerifier;
    import javax.net.ssl.HttpsURLConnection;
    import javax.net.ssl.SSLContext;
    import javax.net.ssl.SSLSession;
    import javax.net.ssl.TrustManager;
    import javax.net.ssl.X509TrustManager;
    import java.security.cert.X509Certificate;

    public class ConnectHttps {
        public static void main(String[] args) throws Exception {
            /*
             * fix for
             * Exception in thread "main" javax.net.ssl.SSLHandshakeException:
             * sun.security.validator.ValidatorException:
             * PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException:
             * unable to find valid certification path to requested target
             */
            // A trust manager that accepts every certificate: this switches
            // server certificate validation off completely.
            TrustManager[] trustAllCerts = [
                [
                    getAcceptedIssuers: { -> null },
                    checkClientTrusted: { X509Certificate[] certs, String authType -> },
                    checkServerTrusted: { X509Certificate[] certs, String authType -> }
                ] as X509TrustManager
            ];
            SSLContext sc = SSLContext.getInstance("SSL");
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = new HostnameVerifier() {
                public boolean verify(String hostname, SSLSession session) {
                    return true;
                }
            };
            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
            /*
             * end of fix
             */

            //URL url = new URL("https://google.com");   // works
            URL url = new URL("https://localhost:8090");  // does not work, why?
            URLConnection con = url.openConnection();
            Reader reader = new InputStreamReader(con.getInputStream());
            while (true) {
                int ch = reader.read();
                if (ch == -1) {
                    break;
                }
                System.out.print((char) ch);
            }
        }
    }
Running the code found here shows that TLSv1.2 is not enabled on the client side:
    Supported protocols: 5
    SSLv2Hello
    SSLv3
    TLSv1
    TLSv1.1
    TLSv1.2
    Enabled protocols: 2
    SSLv3
    TLSv1
.. It is supposed to trust all hosts, but it doesn't ..

.. Thread-6, RECV TLSv1 ALERT: fatal, handshake_failure ..

A handshake failure alert is issued by the server and is unrelated to the validation of the server's certificate on the client, so it cannot be stopped by disabling certificate validation. Lots of things can cause such a failure: no common ciphers, an unsupported protocol version, a missing SNI extension (only supported starting with JDK 7). Since the error is issued by the server, you might find more details about the problem in the server's log messages.

Edit: from the server logs the cause of the problem is visible:

    error handling connection: SSL protocol error error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared cipher

This means that there is no common cipher between client and server.

A typical cause is a wrong setup of the certificates at the server. If you don't configure certificates, the server might require anonymous authentication (ADH ciphers), which is not enabled on the client side. I suggest you check if you can connect with a browser.

Another common misconfiguration is disabling the SSLv3 ciphers at the server in the belief that this is necessary to disable the SSL 3.0 protocol (it is not). This disables all ciphers except the new ciphers introduced with TLS 1.2. Modern browsers are still able to connect, but older clients are not. This misconfiguration can be seen in this case (from a comment):

    from server log: interface ciphers: FIPS:!SSLv3:!aNULL

`!SSLv3` disables all ciphers which are available with version SSL 3.0 and higher. In effect this leaves only the TLS 1.2 ciphers, because there are no new ciphers for TLS 1.0 and TLS 1.1. Since the client seems to support only TLS 1.0, there are no shared ciphers:

    ...WRITE: TLSv1 Handshake

The use of `!SSLv3` in the ciphers is caused by a lack of understanding of the difference between protocol version and ciphers. To disable SSLv3 you should set the protocol accordingly, not the ciphers.
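The following is an added example, not code from the question or the answer above. It models the two failure causes the answer names, a protocol version the client does not offer and a cipher list with nothing in common, using Python's `ssl` module, which passes cipher strings straight to the OpenSSL build it is linked against and reports each suite's minimum protocol version through `get_ciphers()`. The server's `FIPS` keyword is left out (whether it exists depends on the OpenSSL build); `ALL` stands in for it, and the scenario values (a TLS 1.0-only client, a server list reduced to TLS 1.2 suites) are constructed for this example. One version caveat: OpenSSL 1.0.x, current when the answer was written, tagged the ECDHE CBC-SHA suites as SSLv3, so `!SSLv3` left only the TLS 1.2 suites exactly as the answer says; OpenSSL 1.1.0 and later tag those suites `TLSv1.0` and keep them, so on a modern build `!SSLv3` removes less.

```python
"""Cipher-string filtering versus protocol negotiation (added example).

A server that strips '!SSLv3' from its cipher list has not disabled the
SSL 3.0 protocol; it has removed suites, and a client that only speaks
TLS 1.0 then finds no shared cipher, before any certificate check runs.
"""
import ssl

# Rank of the minimum protocol version OpenSSL reports for a suite.
# OpenSSL 1.1.0+ reports 'TLSv1.0' for TLS 1.0-era suites; older builds and
# LibreSSL may report 'TLSv1/SSLv3', treated here as SSL 3.0-era (rank 0).
_RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.0": 1, "TLSv1.1": 2,
         "TLSv1.2": 3, "TLSv1.3": 4}


def cipher_list(cipher_string):
    """Return [(name, min_protocol)] that OpenSSL selects for a cipher string.

    Raises ssl.SSLError when the string matches no suite at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.set_ciphers(cipher_string)
    return [(c["name"], c["protocol"]) for c in ctx.get_ciphers()]


def usable_at(suites, negotiated):
    """Suites from `suites` that may be used once `negotiated` is agreed.

    A suite needs negotiated >= its minimum version. TLS 1.3 uses only its
    own suites, and those suites are never used by older versions."""
    want = _RANK[negotiated]
    if want == _RANK["TLSv1.3"]:
        return {name for name, proto in suites if _RANK.get(proto, 0) == want}
    return {name for name, proto in suites if _RANK.get(proto, 0) <= want}


def shared_ciphers(server_string, client_string, negotiated):
    """Suites both sides list that are valid at the negotiated version.

    An empty set is the condition behind OpenSSL's server-side
    'no shared cipher' error and the handshake_failure alert it sends."""
    server = usable_at(cipher_list(server_string), negotiated)
    client = usable_at(cipher_list(client_string), negotiated)
    return server & client


def has_ssl3_era_suites(cipher_string):
    """True if the cipher string still selects any SSL 3.0-era suite."""
    return any(proto in ("SSLv3", "TLSv1/SSLv3")
               for _, proto in cipher_list(cipher_string))


if __name__ == "__main__":
    # Constructed scenario mirroring the thread: a client that only enables
    # TLSv1, against a server whose list keeps only TLS 1.2 suites (what
    # '!SSLv3' produced on OpenSSL 1.0.x).
    print("ALL:!SSLv3 keeps SSLv3-era suites:", has_ssl3_era_suites("ALL:!SSLv3"))
    for negotiated in ("TLSv1", "TLSv1.2"):
        print(negotiated, "shared with crippled server:",
              len(shared_ciphers("TLSv1.2", "ALL", negotiated)))
    print("TLSv1 shared with a full server list:",
          len(shared_ciphers("ALL", "ALL", "TLSv1")))
```

`openssl ciphers -v 'ALL:!SSLv3'` prints the same selection from the command line, with each suite's minimum version in the second column, which is a quick way to see what a server's cipher string actually leaves. On the client side of the question, the same mismatch goes away once TLSv1.2 is enabled: a Java 7 `SSLContext.getInstance("SSL")` enables only SSLv3 and TLSv1 on client sockets, exactly the "Enabled protocols: 2" shown above, whereas `SSLContext.getInstance("TLSv1.2")` enables TLSv1, TLSv1.1 and TLSv1.2.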