Changes between Version 3 and Version 4 of ESGF_SSLHandshakeException


Ignore:
Timestamp:
Oct 28, 2014 2:55:07 PM (7 years ago)
Author:
terryk
Comment:

--

Legend:

Unmodified
Added
Removed
Modified
  • ESGF_SSLHandshakeException

    v3 v4  
    55http://stackoverflow.com/questions/6383207/how-to-use-tlsv1-or-sslv3-for-first-handshakeclient-hello-in-java
    66
    7 When making an HTTPS connection, let’s assume that the client threw the following exception due to a failed handshake with the server:
     7javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    88
    9  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
     9trigger seeding of SecureRandom
     10done seeding SecureRandom
     11Allow unsafe renegotiation: false
     12Allow legacy hello messages: true
     13Is initial handshake: true
     14Is secure renegotiation: false
     15%% No cached client session
     16*** ClientHello, TLSv1
     17RandomCookie:  GMT: 1414437400 bytes = { 141, 161, 100, 14, 170, 248, 62, 119, 104, 169, 61, 146, 199, 29, 125, 247, 244, 123, 203, 164, 93, 238, 67, 227, 60, 154, 57, 233 }
     18Session ID:  {}
     19Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
     20Compression Methods:  { 0 }
     21Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
     22Extension ec_point_formats, formats: [uncompressed]
     23***
     24[write] MD5 and SHA1 hashes:  len = 177
     250000: 01 00 00 AD 03 01 54 4F   9A 18 8D A1 64 0E AA F8  ......TO....d...
     260010: 3E 77 68 A9 3D 92 C7 1D   7D F7 F4 7B CB A4 5D EE  >wh.=.........].
     270020: 43 E3 3C 9A 39 E9 00 00   46 00 04 00 05 00 2F 00  C.<.9...F...../.
     280030: 35 C0 02 C0 04 C0 05 C0   0C C0 0E C0 0F C0 07 C0  5...............
     290040: 09 C0 0A C0 11 C0 13 C0   14 00 33 00 39 00 32 00  ..........3.9.2.
     300050: 38 00 0A C0 03 C0 0D C0   08 C0 12 00 16 00 13 00  8...............
     310060: 09 00 15 00 12 00 03 00   08 00 14 00 11 00 FF 01  ................
     320070: 00 00 3E 00 0A 00 34 00   32 00 17 00 01 00 03 00  ..>...4.2.......
     330080: 13 00 15 00 06 00 07 00   09 00 0A 00 18 00 0B 00  ................
     340090: 0C 00 19 00 0D 00 0E 00   0F 00 10 00 11 00 02 00  ................
     3500A0: 12 00 04 00 05 00 14 00   08 00 16 00 0B 00 02 01  ................
     3600B0: 00                                                 .
     37main, WRITE: TLSv1 Handshake, length = 177
     38[write] MD5 and SHA1 hashes:  len = 173
     390000: 01 03 01 00 84 00 00 00   20 00 00 04 01 00 80 00  ........ .......
     400010: 00 05 00 00 2F 00 00 35   00 C0 02 00 C0 04 01 00  ..../..5........
     410020: 80 00 C0 05 00 C0 0C 00   C0 0E 00 C0 0F 00 C0 07  ................
     420030: 05 00 80 00 C0 09 06 00   40 00 C0 0A 07 00 C0 00  ........@.......
     430040: C0 11 00 C0 13 00 C0 14   00 00 33 00 00 39 00 00  ..........3..9..
     440050: 32 00 00 38 00 00 0A 07   00 C0 00 C0 03 02 00 80  2..8............
     450060: 00 C0 0D 00 C0 08 00 C0   12 00 00 16 00 00 13 00  ................
     460070: 00 09 06 00 40 00 00 15   00 00 12 00 00 03 02 00  ....@...........
     470080: 80 00 00 08 00 00 14 00   00 11 00 00 FF 54 4F 9A  .............TO.
     480090: 18 8D A1 64 0E AA F8 3E   77 68 A9 3D 92 C7 1D 7D  ...d...>wh.=....
     4900A0: F7 F4 7B CB A4 5D EE 43   E3 3C 9A 39 E9           .....].C.<.9.
     50main, WRITE: SSLv2 client hello message, length = 173
     51[Raw write]: length = 175
     520000: 80 AD 01 03 01 00 84 00   00 00 20 00 00 04 01 00  .......... .....
     530010: 80 00 00 05 00 00 2F 00   00 35 00 C0 02 00 C0 04  ....../..5......
     540020: 01 00 80 00 C0 05 00 C0   0C 00 C0 0E 00 C0 0F 00  ................
     550030: C0 07 05 00 80 00 C0 09   06 00 40 00 C0 0A 07 00  ..........@.....
     560040: C0 00 C0 11 00 C0 13 00   C0 14 00 00 33 00 00 39  ............3..9
     570050: 00 00 32 00 00 38 00 00   0A 07 00 C0 00 C0 03 02  ..2..8..........
     580060: 00 80 00 C0 0D 00 C0 08   00 C0 12 00 00 16 00 00  ................
     590070: 13 00 00 09 06 00 40 00   00 15 00 00 12 00 00 03  ......@.........
     600080: 02 00 80 00 00 08 00 00   14 00 00 11 00 00 FF 54  ...............T
     610090: 4F 9A 18 8D A1 64 0E AA   F8 3E 77 68 A9 3D 92 C7  O....d...>wh.=..
     6200A0: 1D 7D F7 F4 7B CB A4 5D   EE 43 E3 3C 9A 39 E9     .......].C.<.9.
     63[Raw read]: length = 5
     640000: 15 03 01 00 02                                     .....
     65[Raw read]: length = 2
     660000: 02 28                                              .(
     67main, READ: TLSv1 Alert, length = 2
     68main, RECV TLSv1 ALERT:  fatal, handshake_failure
     69main, called closeSocket()
     70main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    1071
    11 Applying the -Djavax.net.debug=all property from above, the failure associated with this SSLHandshakeException would appear immediately after algorithm negotiation in the logs.
    1272
    1373