I'm having thar error when consuming an https webservice. I have that error when running a client in Java 6. I can't change the version of the Jdk. I tried with jdk8 and it works perfectly.
What could be causing this error?
I added UnlimitedJCEPolicyJDK6 JAR's;
My client code:
System.setProperty("javax.net.ssl.trustStore", "bci-to-scoring-keystore-client.jks");
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
//connection.setSSLSocketFactory(ssl.getSocketFactory());
connection.setRequestMethod("POST");
connection.setDoOutput(true);
connection.setRequestProperty("Content-Type", "text/xml");
connection.setHostnameVerifier(new HostnameVerifier() {
public boolean verify(String hostname, SSLSession session) {
return true;
}
});
connection.connect();
Exception:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:136)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1822)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1004)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1188)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1215)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1199)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:434)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:166)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.connect(HttpsURLConnectionImpl.java:133)
at com.bci.test.JavaApplication7.execute(JavaApplication7.java:70)
at com.bci.test.JavaApplication7.main(JavaApplication7.java:33)
When running with -Djavax.net.debug=ssl
I have this:
keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: bci-to-scoring-keystore-client.jks
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=*.BCITESTES.LOCAL, OU=DSI - Direccao de Sistemas de Informacao, O="BCI - Banco Comercial e de Investimentos, SA", L=Maputo, ST=Maputo, C=MZ
Issuer: CN=BCI Enterprise Certificate Authority, DC=BCIFOMENTO, DC=CO, DC=MZ
Algorithm: RSA; Serial number: 0x43000000b6661aefae5816d09c0002000000b6
Valid from Wed Jun 03 09:10:22 CAT 2020 until Fri Jun 03 09:10:22 CAT 2022
adding as trusted cert:
Subject: CN=cliente.bci.scoring.co.mz, OU=DSI - Direccao de Sistemas de Informacao, O=BCI - Banco Comercial e de Investimentos, C=MZ, ST=Maputo, L=Maputo
Issuer: CN=cliente.bci.scoring.co.mz, OU=DSI - Direccao de Sistemas de Informacao, O=BCI - Banco Comercial e de Investimentos, C=MZ, ST=Maputo, L=Maputo
Algorithm: RSA; Serial number: 0x5f50ffd3
Valid from Thu Sep 03 16:38:11 CAT 2020 until Sat Aug 10 16:38:11 CAT 2120
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1599232592 bytes = { 73, 169, 83, 102, 108, 21, 161, 215, 189, 29, 218, 198, 42, 47, 144, 160, 202, 94, 179, 118, 28, 239, 54, 38, 199, 59, 222, 43 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 81
main, WRITE: SSLv2 client hello message, length = 110
main, READ: Unknown-3.3 Alert, length = 2
main, RECV TLSv1 ALERT: fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
-Djavax.net.debug=ssl
. That usually flushes out problems like this. But if the problem is a cipher or algorithm that doesn't exist in Java 1.6, there might not be a lot you can do about it. – Minsk