Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why do I get a handshake failure (Java SSL)

Tags:

java

exception

ssl

cxf

handshake

I'm connecting to a web service over HTTPS. I've done all that I think is required to make it work, but in the end I get a handshake failure.

I found out that as a new user I can't post more than 2 links due to "spam protection" - thanx a lot stackoverflow...anyway here's a link to a pastebin post with all the links spelled out...so when I write "link#1" here it's a reference to these links: http://pastebin.com/y4zGNRC7

  • I verified the same behavior using HttpClient (GET on the service URL) and actually calling the web service via a CXF proxy
  • I'm setting both the keystore and truststore - I tried both the "in code" way ( link#1 ) and setting the system properties - i.e. System.setProperty("javax.net.ssl.keyStore", "mykeystore.jks");
  • SSL debug is on ( javax.net.debug=all )
  • SSL debug blurts out the contents of both keystore and truststore (i.e. looks like java "knows about them") - link#2
  • seems like there's some client-server communication going on, but then it crashes for some reason link#3
  • I successfully connected to the server using the client and CA certificates both in a browser (Chrome) and using openssl s_client
  • wireshark shows less client-server talk from java ( link#4 ) then for example from Chrome ( link#5 )

Another strange thing is, that I seem to be getting the same behavior when I set the keystore and when I don't (the only difference is that when I do the keystore contents get printed in the console, but that's it).

I tried googling the problem and I saw numerous similar posts here on stackoverflow, but nothing helped. I tried changing the protocol version ("TLSv1", "SSLv3", even the weird v2 Hello). Any help would be appreciated - maybe there's some fundamental thing I might have overlooked...I'm getting desperate here... Thanx

PS I'm running java 1.6 update 30 on Fedora Core 15 (64bit)

like image 691
Jakub Hlavatý Avatar asked Feb 12 '12 13:02

Jakub Hlavatý

People also ask

What causes SSL handshake failure?

The SSL Handshake Error occurs if the read access has not been granted to the OS, thus preventing the web server from completing authentication. It indicates that the browser's connection to the web server isn't secure.

What happens if SSL handshake fails?

A TLS/SSL handshake failure occurs when a client and server cannot establish communication using the TLS/SSL protocol. When this error occurs in Apigee Edge, the client application receives an HTTP status 503 with the message Service Unavailable.

How do I fix TLS handshake failure?

The fastest way to fix this SSL/TLS handshake error-causing issue is just to reset your browser to the default settings and disable all your plugins. From there, you can configure the browser however you want, testing your connection with the site in question as you tweak things.

1 Answers

The problem was that even though the keystore and truststore was set, java decided not to send the client certificate to the server. The reason for this was the fact, that the server requested a certificate signed by the RootCA authority, but the client certificate is signed by a SubCA authority (which is issued by the RootCA).

Originally the keystore only contained the client cert and the truststore the SubCA cert. I then tried to add the SubCA cert to the keystore too, but java just ignored it.

So this solves the hanshake failure mystery, but not my problem.

I created a separate question for that...sigh :-( why doesn't java send the client certificate during SSL handshake?

like image 54
Jakub Hlavatý Avatar answered Oct 22 '22 17:10

Jakub Hlavatý
Sign in to Comment

Related questions

While constructing the default constructor can not handle exception : type Exception thrown by implicit super constructor
Does Proguard remove unused code (on Android)
Using OSGi to implement auto-update
Java 6 regex multiple matches of one group
Java tool to find - copy/ paste code across projects
Parsing xml in java - getTextContent() and getNodeValue() only return \n, \t, and whitespace
Importing resources from OSGi bundle
WatchService and SwingWorker: how to do it correctly?
Android - How to change header/footer view elements for existing ListView?
Why is this Java process failing to terminate?
Java String literal pool and string object
How can I attach different string resource files during android ant release and debug builds?
How long to run compute retained sizes in visual VM for a 1GB heap?
How does deployment of .NET applications compare to deployment of Java web applications?
java swing key bindings - missing action for released key
Is it possible to use external enums (outside message definitions) with protocol buffers?
Documentation on line numbers in stack traces
Why did switching to from an infinite loop to TimerTask cause this drop in CPU usage?
Google TV - is designing for efficiency as important as it is with handsets/tablets?
How to run java code in a restricted sandbox (without network, filesystem access)

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!