Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failu

meandmycodeJul 19 2016 — edited Jul 19 2016

Hi,

I have created client and server to create a TLS connection.

The client does only this to open a connection:

createConnection();

authenticate();

private void createConnection() throws SessionException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory
                .getDefault();
        try {      
            socket = (SSLSocket) factory.createSocket(
                    getProperties().getHost(), getProperties().getTlsPort());
     
        } catch (UnknownHostException e) {
            throw new SessionException(
                    "Could not find IP address of hostname ", getProperties(),
                    e);
        } catch (IOException e) {
            throw new SessionException("Could not connect to host  ",
                    getProperties(), e);
        }    
        
        logger.trace("Established a TLS connection towards " + getProperties().getHost() + ":" + getProperties().getTlsPort());
    }

And authenticate is only ( done on socket above (SSL)).

void authenticate() throws AuthenticationException {
        try {
            socket.startHandshake();
            
        } catch (IOException e) {
            throw new AuthenticationException("Failed to authenticate", e);
        }

    }

Then when I execute this and have a server setup I get the following error ( see below).

I find it strange that I get "ClientHello, TLSv1" twice. I was kind of expecting ServerHello.

What am I missing?

I read about this:

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

do I have to add:

JCE unlimited strength

br,

//mike

%% No cached client session

Allow unsafe renegotiation: false

Allow legacy hello messages: true

Is initial handshake: true

Is secure renegotiation: false

Request from client : 27736f80[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=50514,localport=6513]]

Before read line()

Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1

Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1

*** ClientHello, TLSv1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1

RandomCookie: Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1

Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1

GMT: 1452158864 bytes = { 144Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1

, 1, 164, 63, 151, 41, 208, 11, 68, 10, 155, 153, 97, 136, 239, 14, 217, 106, 139, Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1

108, 60, 233, 236, 203, 117, 224, 180, 209Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1

Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1

Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1

}

Session ID: Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1

{}

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Compression Methods: { 0 }

Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

Extension ec_point_formats, formats: [uncompressed]

***

[write] MD5 and SHA1 hashes: len = 151

0000: 01 00 00 93 03 01 57 8E 30 90 90 01 A4 3F 97 29 ......W.0....?.)

0010: D0 0B 44 0A 9B 99 61 88 EF 0E D9 6A 8B 6C 3C E9 ..D...a....j.l<.

0020: EC CB 75 E0 B4 D1 00 00 2C C0 0A C0 14 00 35 C0 ..u.....,.....5.

0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...

0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........

0050: 16 00 13 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 ........>...4.2.

0060: 17 00 01 00 03 00 13 00 15 00 06 00 07 00 09 00 ................

0070: 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 ................

0080: 10 00 11 00 02 00 12 00 04 00 05 00 14 00 08 00 ................

0090: 16 00 0B 00 02 01 00 .......

main, WRITE: TLSv1 Handshake, length = 151

[Raw write]: length = 156

[Raw read]: length = 5

0000: 160 03000 01: 16 00 9703 01 01 00 00 00 97 93 03 01 57 8E 30 90 90 . . ..........

.[Raw read]: length = 151

.0.000.W: 01.0 00. 00. 93

001 030 01: 01 57 A4 8E 3F 97 30 29 90 D0 90 0B 01 44 A4 0A3F 9B 97 29 ......W.0....?.)

0010: D0 0B 44 0A 9B 99 61 88 EF 0E D9 6A 8B 6C 3C E9 ..D...a....j.l<.

0020: EC CB 75 E0 B4 D1 00 00 2C C0 0A C0 14 00 35 C0 ..u.....,.....5.

0030: 05 C0 0F 00 39 00 38 C0 09 C0 13 00 2F C0 04 C0 ....9.8...../...

0040: 0E 00 33 00 32 C0 08 C0 12 00 0A C0 03 C0 0D 00 ..3.2...........

0050: 16 00 13 00 FF 01 00 00 3E 00 0A 00 34 00 32 00 ........ 99 61 88 EF 0E D9 ..?.)..D...a....

0020: 6A 8B 6C 3C E9 EC CB 75 E0 B4 D1 00 00 2C C0 0A j.l<...u.....,..

0030: C0 14 00 35 C0 05 C0 0F 00 39 00 38 C0 09 C0 13 ...5>........49.2.8..

00.6.0.: 17

0040 00: 00 01 2F 00 C0 03 04 00 C0 13 0E 00 00 33 15 00 00 06 32 00 C0 07 08 00 C0 0192 00 00 0A. ./.........3..2............

0050.: C0. 03. C0. 0D

0070 00: 0A 16 00 18 00 00B0 13 00 0C 00 00 FF 01 1090 00 3E 00 0A .............>..

0060: 00 34 00 32 00 17 0000 01 0D 00 03 0000 13 0 E00 00 0F15 00 06 .4.2............

0070: 00 07 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D ................

0080: 00 0E 0000 0F. .00. .10. .00 11. . 00. 02. .00. 12. 00. .04. 00

0 00850 : 10 00. .11. 00. 02. .00. 12. 00. . 04. 00. 0.5. 00. 14.

000090 : 0008 14 0000 08 00. .16. 00. 0B. . .00. 02. 01. .00. . . . .

009 0.: 16. 00. 0B. 00. 02. 0.1. 00. . . .

.......

connection-handler, READ: TLSv1 Handshake, length = 151

*** ClientHello, TLSv1

RandomCookie: GMT: 1452158864 bytes = { 144, 1, 164, 63, 151, 41, 208, 11, 68, 10, 155, 153, 97, 136, 239, 14, 217, 106, 139, 108, 60, 233, 236, 203, 117, 224, 180, 209 }

Session ID: {}

Compression Methods: { 0 }

Extension ec_point_formats, formats: [uncompressed]

***

[read] MD5 and SHA1 hashes: len = 151