Getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure


I'm getting that error when consuming an HTTPS web service. The error occurs when running a client in Java 6. I can't change the version of the JDK. I tried with JDK 8 and it works perfectly.

What could be causing this error?

I added the UnlimitedJCEPolicyJDK6 JARs.

My client code:

    // Trust store holding the certificates the client accepts
    System.setProperty("javax.net.ssl.trustStore", "bci-to-scoring-keystore-client.jks");
    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");

    HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
    //connection.setSSLSocketFactory(ssl.getSocketFactory());
    connection.setRequestMethod("POST");
    connection.setDoOutput(true);

    connection.setRequestProperty("Content-Type", "text/xml");
    // Accepts any hostname: the certificate's name is not checked against the host
    connection.setHostnameVerifier(new HostnameVerifier() {
        public boolean verify(String hostname, SSLSession session) {
            return true;
        }
    });
    connection.connect();

Exception:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at com.bci.test.JavaApplication7.execute(JavaApplication7.java:70)
at com.bci.test.JavaApplication7.main(JavaApplication7.java:33)

When running with -Djavax.net.debug=ssl I have this:

keyStore is : 
keyStore type is : jks
keyStore provider is : 
init keystore
init keymanager of type SunX509
trustStore is: bci-to-scoring-keystore-client.jks
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=*.BCITESTES.LOCAL, OU=DSI - Direccao de Sistemas de Informacao, O="BCI - Banco Comercial e de Investimentos, SA", L=Maputo, ST=Maputo, C=MZ
  Issuer:  CN=BCI Enterprise Certificate Authority, DC=BCIFOMENTO, DC=CO, DC=MZ
  Algorithm: RSA; Serial number: 0x43000000b6661aefae5816d09c0002000000b6
  Valid from Wed Jun 03 09:10:22 CAT 2020 until Fri Jun 03 09:10:22 CAT 2022

adding as trusted cert:
  Subject: CN=cliente.bci.scoring.co.mz, OU=DSI - Direccao de Sistemas de Informacao, O=BCI - Banco Comercial e de Investimentos, C=MZ, ST=Maputo, L=Maputo
  Issuer:  CN=cliente.bci.scoring.co.mz, OU=DSI - Direccao de Sistemas de Informacao, O=BCI - Banco Comercial e de Investimentos, C=MZ, ST=Maputo, L=Maputo
  Algorithm: RSA; Serial number: 0x5f50ffd3
  Valid from Thu Sep 03 16:38:11 CAT 2020 until Sat Aug 10 16:38:11 CAT 2120

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1599232592 bytes = { 73, 169, 83, 102, 108, 21, 161, 215, 189, 29, 218, 198, 42, 47, 144, 160, 202, 94, 179, 118, 28, 239, 54, 38, 199, 59, 222, 43 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
***
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, READ: Unknown-3.3 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

There are 1 best solutions below


In JDK 6 and JDK 7, SSL is not enabled by default. It is required to enable the above SSL versions through Tomcat.

Add the following parameter into the [TOMCAT_PATH]/bin/setenv.sh file.

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
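
An added example, not part of the question or the answer: a small Python parser for -Djavax.net.debug=ssl output like the trace in the question. It reports the protocol version the client offered, the legacy cipher suites in that offer, and the record version on the peer's alert, where "Unknown-3.3" is wire version 3.3, i.e. TLS 1.2. The sample log is constructed in the trace's format with the suite list shortened, and the function names are hypothetical.

```python
import re

# TLS record versions on the wire; Java 6 prints versions it does not
# implement as "Unknown-<major>.<minor>".
WIRE_VERSIONS = {"3.0": "SSLv3", "3.1": "TLSv1", "3.2": "TLSv1.1", "3.3": "TLSv1.2"}
LEGACY_MARKERS = ("_RC4_", "_DES_", "_DES40_", "_3DES_", "_EXPORT_", "_MD5")

# Constructed sample in the format of the question's trace (suite list shortened).
SAMPLE = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
main, READ: Unknown-3.3 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
"""

def normalize(label):
    """Map a debug-log protocol label to a protocol name."""
    m = re.match(r"Unknown-(\d+\.\d+)$", label)
    return WIRE_VERSIONS.get(m.group(1), label) if m else label

def triage(log):
    """Summarize the client's offer and the peer's alert from a debug trace."""
    r = {"offered": None, "suites": [], "legacy": [], "peer_record": None, "alert": None}
    for line in log.splitlines():
        line = line.strip()
        m = re.match(r"\*\*\* ClientHello, (\S+)", line)
        if m:
            r["offered"] = m.group(1)
        m = re.match(r"Cipher Suites: \[(.*)\]", line)
        if m:
            suites = [s.strip() for s in m.group(1).split(",")]
            # The SCSV entry is a signalling value, not a negotiable suite.
            r["suites"] = [s for s in suites if not s.endswith("_SCSV")]
            r["legacy"] = [s for s in r["suites"] if any(k in s for k in LEGACY_MARKERS)]
        m = re.match(r"\S+, READ: (\S+) Alert", line)
        if m:
            r["peer_record"] = normalize(m.group(1))
        m = re.match(r"\S+, RECV \S+ ALERT:\s+(\w+), (\w+)", line)
        if m:
            r["alert"] = (m.group(1), m.group(2))
    # True when the peer's alert arrived in a record of a different version
    # than the one the client offered.
    r["version_gap"] = None not in (r["offered"], r["peer_record"]) and r["offered"] != r["peer_record"]
    return r

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A version gap together with an offer made up only of CBC, RC4 and DES suites is consistent with a server that expects a newer protocol version or suites the client did not offer; the server's own configuration or logs confirm which.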