0 Replies Latest reply on Mar 19, 2020 10:17 PM by 3881282

    jre1.8.0_241 handshake failure

    3881282

      Hello,

      We are trying to make a connection with a SAP Message Server through SAP Process Orchestration, but we get a handshake failure.

       

      The following cipher suites are supported by the SAP Message Server:

      TLSv1.2:

      ciphers:

             TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (secp256r1)

             TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1)

             TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (secp256r1)

             TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (secp256r1)

             TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1)

       

      The JRE sent the following ciphers while doing the client hello:

      Cipher Suites (14 suites)

          Cipher Suite: TLS_RSA_WITH_AES_256_GCM_SHA384 (0x009d)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_GCM_SHA384 (0xc07b)

          Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003d)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA256 (0x00c0)

          Cipher Suite: TLS_RSA_WITH_AES_128_GCM_SHA256 (0x009c)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_GCM_SHA256 (0xc07a)

          Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003c)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA256 (0x00ba)

          Cipher Suite: TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x0084)

          Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA (0x002f)

          Cipher Suite: TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x0041)

          Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)

          Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)

       

      Is it possible to configure the JRE to send the TLS_ECDHE ciphers to the server?

       

      I tried to disable the TLS_RSA ciphers with the setting jdk.tls.disabledAlgorithms in java.security, but the JRE still sent the TLS_RSA ciphers to the server.

      And I also played around with many other configurations like jdk.jar.disabledAlgorithms, jdk.tls.legacyAlgorithms and crypto.policy. But the JRE client is still sending the TLS_RSA ciphers.

       

      Hope you guys have a solution for this issue.

       

      Best regards

       

      Ka
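
A diagnostic for the mismatch described in the post, as an added example that is not part of the original post: it reports, for the JVM it runs in, whether each cipher suite on the server's list is enabled, supported but not enabled, or not implemented by the default JSSE `SSLContext`, and prints the `jdk.tls.disabledAlgorithms` value that JVM actually loaded. The class name `CipherSuiteCheck` is hypothetical; the suite names are copied from the post.

```java
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;
import javax.net.ssl.SSLContext;

// Hypothetical class name; added example, not code from the post.
public class CipherSuiteCheck {
    // Suites the post lists as accepted by the SAP Message Server.
    static final String[] SERVER_SUITES = {
        "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
        "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"
    };

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        System.out.println("java.version        = " + System.getProperty("java.version"));
        System.out.println("SSLContext provider = " + ctx.getProvider().getName());
        // ECDHE suites are only offered if an installed provider implements EC key agreement.
        for (Provider p : Security.getProviders()) {
            System.out.println("  installed provider: " + p.getName());
        }
        // Shows the value this JVM loaded, which confirms whether the edited java.security file is in use.
        System.out.println("jdk.tls.disabledAlgorithms = " + Security.getProperty("jdk.tls.disabledAlgorithms"));

        Set<String> supported = new HashSet<>(
            Arrays.asList(ctx.getSupportedSSLParameters().getCipherSuites()));
        Set<String> enabled = new HashSet<>(
            Arrays.asList(ctx.getDefaultSSLParameters().getCipherSuites()));
        int usable = 0;
        for (String suite : SERVER_SUITES) {
            String state;
            if (enabled.contains(suite)) {
                state = "enabled by default";
                usable++;
            } else if (supported.contains(suite)) {
                state = "supported, but not enabled";
            } else {
                state = "not implemented by this provider";
            }
            System.out.println(suite + ": " + state);
        }
        System.out.println(usable + " of " + SERVER_SUITES.length + " server suites would be offered by default");
    }
}
```

The output describes only the default JSSE context of the JVM that runs the class, so it has to be started with the same JRE and `java.security` file as the client. If the connecting application uses a different TLS library or builds its own `SSLContext`, the suites in its ClientHello are not governed by what this check reports.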