Changes between Version 3 and Version 4 of ESGF_SSLHandshakeException

Timestamp:

Oct 28, 2014 2:55:07 PM (7 years ago)

Author:

terryk

Comment:

--

ESGF_SSLHandshakeException

@@ -5 +5 @@
 http://stackoverflow.com/questions/6383207/how-to-use-tlsv1-or-sslv3-for-first-handshakeclient-hello-in-java
 
-When making an HTTPS connection, let’s assume that the client threw the following exception due to a failed handshake with the server:
+javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
 
- javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
+trigger seeding of SecureRandom
+done seeding SecureRandom
+Allow unsafe renegotiation: false
+Allow legacy hello messages: true
+Is initial handshake: true
+Is secure renegotiation: false
+%% No cached client session
+*** ClientHello, TLSv1
+RandomCookie:  GMT: 1414437400 bytes = { 141, 161, 100, 14, 170, 248, 62, 119, 104, 169, 61, 146, 199, 29, 125, 247, 244, 123, 203, 164, 93, 238, 67, 227, 60, 154, 57, 233 }
+Session ID:  {}
+Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
+Compression Methods:  { 0 }
+Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
+Extension ec_point_formats, formats: [uncompressed]
+***
+[write] MD5 and SHA1 hashes:  len = 177
+0000: 01 00 00 AD 03 01 54 4F   9A 18 8D A1 64 0E AA F8  ......TO....d...
+0010: 3E 77 68 A9 3D 92 C7 1D   7D F7 F4 7B CB A4 5D EE  >wh.=.........].
+0020: 43 E3 3C 9A 39 E9 00 00   46 00 04 00 05 00 2F 00  C.<.9...F...../.
+0030: 35 C0 02 C0 04 C0 05 C0   0C C0 0E C0 0F C0 07 C0  5...............
+0040: 09 C0 0A C0 11 C0 13 C0   14 00 33 00 39 00 32 00  ..........3.9.2.
+0050: 38 00 0A C0 03 C0 0D C0   08 C0 12 00 16 00 13 00  8...............
+0060: 09 00 15 00 12 00 03 00   08 00 14 00 11 00 FF 01  ................
+0070: 00 00 3E 00 0A 00 34 00   32 00 17 00 01 00 03 00  ..>...4.2.......
+0080: 13 00 15 00 06 00 07 00   09 00 0A 00 18 00 0B 00  ................
+0090: 0C 00 19 00 0D 00 0E 00   0F 00 10 00 11 00 02 00  ................
+00A0: 12 00 04 00 05 00 14 00   08 00 16 00 0B 00 02 01  ................
+00B0: 00                                                 .
+main, WRITE: TLSv1 Handshake, length = 177
+[write] MD5 and SHA1 hashes:  len = 173
+0000: 01 03 01 00 84 00 00 00   20 00 00 04 01 00 80 00  ........ .......
+0010: 00 05 00 00 2F 00 00 35   00 C0 02 00 C0 04 01 00  ..../..5........
+0020: 80 00 C0 05 00 C0 0C 00   C0 0E 00 C0 0F 00 C0 07  ................
+0030: 05 00 80 00 C0 09 06 00   40 00 C0 0A 07 00 C0 00  ........@.......
+0040: C0 11 00 C0 13 00 C0 14   00 00 33 00 00 39 00 00  ..........3..9..
+0050: 32 00 00 38 00 00 0A 07   00 C0 00 C0 03 02 00 80  2..8............
+0060: 00 C0 0D 00 C0 08 00 C0   12 00 00 16 00 00 13 00  ................
+0070: 00 09 06 00 40 00 00 15   00 00 12 00 00 03 02 00  ....@...........
+0080: 80 00 00 08 00 00 14 00   00 11 00 00 FF 54 4F 9A  .............TO.
+0090: 18 8D A1 64 0E AA F8 3E   77 68 A9 3D 92 C7 1D 7D  ...d...>wh.=....
+00A0: F7 F4 7B CB A4 5D EE 43   E3 3C 9A 39 E9           .....].C.<.9.
+main, WRITE: SSLv2 client hello message, length = 173
+[Raw write]: length = 175
+0000: 80 AD 01 03 01 00 84 00   00 00 20 00 00 04 01 00  .......... .....
+0010: 80 00 00 05 00 00 2F 00   00 35 00 C0 02 00 C0 04  ....../..5......
+0020: 01 00 80 00 C0 05 00 C0   0C 00 C0 0E 00 C0 0F 00  ................
+0030: C0 07 05 00 80 00 C0 09   06 00 40 00 C0 0A 07 00  ..........@.....
+0040: C0 00 C0 11 00 C0 13 00   C0 14 00 00 33 00 00 39  ............3..9
+0050: 00 00 32 00 00 38 00 00   0A 07 00 C0 00 C0 03 02  ..2..8..........
+0060: 00 80 00 C0 0D 00 C0 08   00 C0 12 00 00 16 00 00  ................
+0070: 13 00 00 09 06 00 40 00   00 15 00 00 12 00 00 03  ......@.........
+0080: 02 00 80 00 00 08 00 00   14 00 00 11 00 00 FF 54  ...............T
+0090: 4F 9A 18 8D A1 64 0E AA   F8 3E 77 68 A9 3D 92 C7  O....d...>wh.=..
+00A0: 1D 7D F7 F4 7B CB A4 5D   EE 43 E3 3C 9A 39 E9     .......].C.<.9.
+[Raw read]: length = 5
+0000: 15 03 01 00 02                                     .....
+[Raw read]: length = 2
+0000: 02 28                                              .(
+main, READ: TLSv1 Alert, length = 2
+main, RECV TLSv1 ALERT:  fatal, handshake_failure
+main, called closeSocket()
+main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
 
-Applying the -Djavax.net.debug=all property from above, the failure associated with this SSLHandshakeException would appear immediately after algorithm negotiation in the logs.