javax.net.ssl.SSLException: Received fatal alert: protocol

Has anyone encountered this error before? I'm new to SSL, is there anything obviously wrong with my ClientHello that I'm missing? That exception is thrown with no ServerHello response. Any advice is appreciated.

*** ClientHello, TLSv1 RandomCookie:  GMT: 1351745496 bytes = { 154, 151, 225, 128, 127, 137, 198, 245, 160, 35, 124, 13, 135, 120, 33, 240, 82, 223, 56, 25, 207, 231, 231, 124, 103, 205, 66, 218 } Session ID:  {} Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods:  { 0 } *** [write] MD5 and SHA1 hashes:  len = 75 0000: 01 00 00 47 03 01 51 92   00 D8 9A 97 E1 80 7F 89  ...G..Q......... 0010: C6 F5 A0 23 7C 0D 87 78   21 F0 52 DF 38 19 CF E7  ...#...x!.R.8... 0020: E7 7C 67 CD 42 DA 00 00   20 00 04 00 05 00 2F 00  ..g.B... ...../. 0030: 33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3.2............. 0040: 03 00 08 00 14 00 11 00   FF 01 00                 ........... xxx, WRITE: TLSv1 Handshake, length = 75 [write] MD5 and SHA1 hashes:  len = 101 0000: 01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00  ....<... ....... 0010: 00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00  ..../..3..2..... 0020: C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15  ............@... 0030: 00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00  ................ 0040: 00 11 00 00 FF 51 92 00   D8 9A 97 E1 80 7F 89 C6  .....Q.......... 0050: F5 A0 23 7C 0D 87 78 21   F0 52 DF 38 19 CF E7 E7  ..#...x!.R.8.... 0060: 7C 67 CD 42 DA                                     .g.B. xxx, WRITE: SSLv2 client hello message, length = 101 [Raw write]: length = 103 0000: 80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00  .e....<... ..... 0010: 80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A  ....../..3..2... 0020: 07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00  ..............@. 0030: 00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00  ................ 0040: 14 00 00 11 00 00 FF 51   92 00 D8 9A 97 E1 80 7F  .......Q........ 0050: 89 C6 F5 A0 23 7C 0D 87   78 21 F0 52 DF 38 19 CF  ....#...x!.R.8.. 0060: E7 E7 7C 67 CD 42 DA                               ...g.B. [Raw read]: length = 5 0000: 15 03 01 00 02                                     ..... [Raw read]: length = 2 0000: 02 46                                              .F

{http://xml.apache.org/axis/}stackTrace:

javax.net.ssl.SSLException: Received fatal alert: protocol_version at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:190) at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1806) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:986) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1197) at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1181) at org.apache.axis.components.net.JSSESocketFactory.create(JSSESocketFactory.java:186) at

...

What is javax net SSL SSLException?

SSLException(String reason) Constructs an exception reporting an error found by an SSL subsystem. SSLException(String message, Throwable cause) Creates a SSLException with the specified detail message and cause.

On Java 1.8 default TLS protocol is v1.2. On Java 1.6 and 1.7 default is obsoleted TLS1.0. I get this error on Java 1.8, because url use old TLS1.0 (like Your - You see ClientHello, TLSv1). To resolve this error You need to use override defaults for Java 1.8.

System.setProperty("https.protocols", "TLSv1");

More info on the Oracle blog:Diagnosing TLS, SSL, and HTTPS.

marioosh's answer seems to on the right track. It didn't work for me. So I found:

Problems connecting via HTTPS/SSL through own Java client

which uses:

java.lang.System.setProperty("https.protocols", "TLSv1,TLSv1.1,TLSv1.2");

Which seems to be necessary with Java 7 and a TLSv1.2 site.

I checked the site with:

openssl s_client -connect www.st.nmfs.noaa.gov:443

using

openssl version OpenSSL 1.0.2l  25 May 2017

and got the result:

... SSL-Session:    Protocol  : TLSv1.2    Cipher    : ECDHE-RSA-AES256-GCM-SHA384 ...

Please note that and older openssl version on my mac did not work and I had to use the macports one.

javax.net.ssl.SSLException: Received fatal alert: protocol_version

Tags:

java

ssl

jsse

Matthias

People also ask

2 Answers

marioosh

Wolfgang Fahl

Recent Activity

Donate For Us