main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failu

meandmycode

Hi,

I have created  client and server to create a TLS connection.

The client does only this to open a connection:

createConnection();

authenticate();

private void createConnection() throws SessionException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory
                .getDefault();
        try {      
            socket = (SSLSocket) factory.createSocket(
                    getProperties().getHost(), getProperties().getTlsPort());
     
        } catch (UnknownHostException e) {
            throw new SessionException(
                    "Could not find IP address of hostname ", getProperties(),
                    e);
        } catch (IOException e) {
            throw new SessionException("Could not connect to host  ",
                    getProperties(), e);
        }    
        
        logger.trace("Established a TLS connection towards " + getProperties().getHost() + ":" + getProperties().getTlsPort());
    }

And authenticate is only ( done on socket above (SSL)).

void authenticate() throws AuthenticationException {
        try {
            socket.startHandshake();
            
        } catch (IOException e) {
            throw new AuthenticationException("Failed to authenticate", e);
        }

    }

Then when I execute this and have a server setup I get the following error ( see below).

I find it strange that I get "ClientHello, TLSv1" twice. I was kind of expecting ServerHello.

What am I missing?

I read about this:

https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https

do I have to add:

JCE unlimited strength

br,

//mike

%% No cached client session
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Request from client : 27736f80[SSL_NULL_WITH_NULL_NULL: Socket[addr=/127.0.0.1,port=50514,localport=6513]]
Before read line()
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
*** ClientHello, TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
RandomCookie:  Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
GMT: 1452158864 bytes = { 144Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
, 1, 164, 63, 151, 41, 208, 11, 68, 10, 155, 153, 97, 136, 239, 14, 217, 106, 139, Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
108, 60, 233, 236, 203, 117, 224, 180, 209Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
 }
Session ID:  Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
{}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[write] MD5 and SHA1 hashes:  len = 151
0000: 01 00 00 93 03 01 57 8E   30 90 90 01 A4 3F 97 29  ......W.0....?.)
0010: D0 0B 44 0A 9B 99 61 88   EF 0E D9 6A 8B 6C 3C E9  ..D...a....j.l<.
0020: EC CB 75 E0 B4 D1 00 00   2C C0 0A C0 14 00 35 C0  ..u.....,.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........
0050: 16 00 13 00 FF 01 00 00   3E 00 0A 00 34 00 32 00  ........>...4.2.
0060: 17 00 01 00 03 00 13 00   15 00 06 00 07 00 09 00  ................
0070: 0A 00 18 00 0B 00 0C 00   19 00 0D 00 0E 00 0F 00  ................
0080: 10 00 11 00 02 00 12 00   04 00 05 00 14 00 08 00  ................
0090: 16 00 0B 00 02 01 00                               .......
main, WRITE: TLSv1 Handshake, length = 151
[Raw write]: length = 156
[Raw read]: length = 5
0000: 160 03000 01: 16 00  9703 01 01 00 00 00 97    93    03    01    57   8E    30    90    90           .      . ..........
.[Raw read]: length = 151
.0.000.W: 01.0 00. 00. 93
001 030 01: 01 57 A4 8E 3F  97  30 29 90 D0 90 0B 01 44 A4    0A3F 9B 97 29  ......W.0....?.)
0010: D0 0B 44 0A 9B 99 61 88   EF 0E D9 6A 8B 6C 3C E9  ..D...a....j.l<.
0020: EC CB 75 E0 B4 D1 00 00   2C C0 0A C0 14 00 35 C0  ..u.....,.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........
0050: 16 00 13 00 FF 01 00 00   3E 00 0A 00 34 00 32 00  ........ 99 61 88 EF 0E D9  ..?.)..D...a....
0020: 6A 8B 6C 3C E9 EC CB 75   E0 B4 D1 00 00 2C C0 0A  j.l<...u.....,..
0030: C0 14 00 35 C0 05 C0 0F   00 39 00 38 C0 09 C0 13  ...5>........49.2.8..
00.6.0.: 17
0040 00: 00 01 2F 00 C0 03 04 00 C0 13 0E 00 00  33  15  00  00 06 32 00 C0 07 08 00 C0  0192  00 00  0A.  ./.........3..2............
0050.: C0. 03. C0. 0D
0070 00: 0A 16 00  18 00 00B0 13 00  0C  00 00 FF  01   1090  00 3E 00 0A  .............>..
0060: 00 34 00 32 00 17 0000 01  0D  00  03 0000 13 0 E00  00 0F15  00 06  .4.2............
0070: 00 07 00 09 00 0A 00 18   00 0B 00 0C 00 19 00 0D  ................
0080: 00 0E 0000   0F. .00. .10. .00 11. .  00. 02. .00. 12. 00. .04. 00
0 00850 : 10  00. .11. 00. 02. .00. 12. 00. .  04. 00. 0.5. 00. 14. 
000090 : 0008 14  0000  08  00. .16. 00. 0B. .  .00. 02. 01. .00. .   .   .   .   
009 0.: 16. 00. 0B. 00. 02. 0.1. 00. .   .  .   
                      .......
connection-handler, READ: TLSv1 Handshake, length = 151
*** ClientHello, TLSv1
RandomCookie:  GMT: 1452158864 bytes = { 144, 1, 164, 63, 151, 41, 208, 11, 68, 10, 155, 153, 97, 136, 239, 14, 217, 106, 139, 108, 60, 233, 236, 203, 117, 224, 180, 209 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
[read] MD5 and SHA1 hashes:  len = 151
0000: 01 00 00 93 03 01 57 8E   30 90 90 01 A4 3F 97 29  ......W.0....?.)
0010: D0 0B 44 0A 9B 99 61 88   EF 0E D9 6A 8B 6C 3C E9  ..D...a....j.l<.
0020: EC CB 75 E0 B4 D1 00 00   2C C0 0A C0 14 00 35 C0  ..u.....,.....5.
0030: 05 C0 0F 00 39 00 38 C0   09 C0 13 00 2F C0 04 C0  ....9.8...../...
0040: 0E 00 33 00 32 C0 08 C0   12 00 0A C0 03 C0 0D 00  ..3.2...........
0050: 16 00 13 00 FF 01 00 00   3E 00 0A 00 34 00 32 00  ........>...4.2.
0060: 17 00 01 00 03 00 13 00   15 00 06 00 07 00 09 00  ................
0070: 0A 00 18 00 0B 00 0C 00   19 00 0D 00 0E 00 0F 00  ................
0080: 10 00 11 00 02 00 12 00   04 00 05 00 14 00 08 00  ................
0090: 16 00 0B 00 02 01 00                               .......
%% Initialized:  [Session-1, SSL_NULL_WITH_NULL_NULL]
%% Invalidated:  [Session-1, SSL_NULL_WITH_NULL_NULL]
connection-handler, SEND TLSv1 ALERT:  fatal, description = handshake_failure
connection-handler, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0[Raw read]: length = 5
0000000: : 15 03 01 00 02                     1   5       03    01    00  .02. 02. .28. 
   [Raw read]: length = 2
  0000   :    02    2   8                          .   .   .  .   .   .(   
                .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
connection-handler, called closeSocket()
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
connection-handler, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common