3
votes

A follow-up to these answers: Received fatal alert: handshake_failure through SSLHandshakeException

All the possibilities are OK in my example, but I still get the handshake error: http://tibi.nl/obaangifte/result.txt

I have the keystore:

keyStore is : /home/tibi/Desktop/kdebnav/pki/DigiK-keesdeboekhoudercert.p12
keyStore type is : pkcs12
keyStore provider is : 

I have the trust store:

trustStore is: /tmp/jssecacerts
trustStore type is : jks
trustStore provider is : 
init truststore
adding as trusted cert:
  Subject: CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Issuer:  CN=SwissSign Platinum CA - G2, O=SwissSign AG, C=CH
  Algorithm: RSA; Serial number: 0x4eb200670c035d4f
  Valid from Wed Oct 25 10:36:00 CEST 2006 until Sat Oct 25 10:36:00 CEST 2036

adding as trusted cert:
  Subject: [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Issuer:  [email protected], CN=http://www.valicert.com/, OU=ValiCert Class 1 Policy Validation Authority, O="ValiCert, Inc.", L=ValiCert Validation Network
  Algorithm: RSA; Serial number: 0x1
  Valid from Sat Jun 26 00:23:48 CEST 1999 until Wed Jun 26 00:23:48 CEST 2019

The client hello:

*** ClientHello, TLSv1
RandomCookie:  GMT: 1375350579 bytes = { 158, 54, 71, 67, 110, 43, 27, 91, 239, 94, 125, 7, 57, 87, 239, 42, 229, 28, 231, 131, 77, 134, 191, 23, 136, 77, 178, 184 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_KRB5_WITH_RC4_128_SHA, TLS_KRB5_WITH_RC4_128_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_RC4_40_SHA, TLS_KRB5_EXPORT_WITH_RC4_40_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension server_name, server_name: [host_name: preprod.procesinfrastructuur.nl]
***

The server hello:

*** ServerHello, TLSv1
RandomCookie:  GMT: 1375350579 bytes = { 74, 45, 118, 102, 8, 188, 62, 178, 165, 60, 109, 211, 180, 218, 61, 151, 149, 180, 241, 248, 193, 55, 206, 2, 176, 164, 102, 2 }
Session ID:  {91, 14, 36, 17, 25, 98, 4, 166, 25, 189, 88, 198, 140, 42, 21, 28, 155, 28, 54, 229, 138, 182, 118, 251, 243, 155, 202, 174, 31, 88, 32, 100}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
***

The certificate chain:

*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=preprod.procesinfrastructuur.nl, SERIALNUMBER=00000004003214345001, OU=Servicemanagement, O=Logius, C=NL
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 18249182214419149210063076677589967813521146456403067623241816547978446511399574886828888739243940980495266965216864064570261538559132011314039583241068526655245382555049492483634968086295975872660042957472377652917868841866865009766550390575630057931526833629624799005363185066714687725808603312876141189878703177615795166666809366300424397887245080792319353731309639868256303608109437887773404443272502678345801322558356251590562835521063923573340889085686147043181386842850641561139359477151836102358978531405403748147972314023141208157877532420828093574976212569437996452915321503760621176076037459291924005464851
  public exponent: 65537
  Validity: [From: Sun Sep 04 02:00:00 CEST 2011,
               To: Thu Sep 04 01:59:59 CEST 2014]
  Issuer: CN=Getronics CSP Organisatie CA - G2, O=Getronics Nederland BV, C=NL
  SerialNumber: [    7a96b035 922c7702 dc3382c1 d2138775]

And the found trusted certificate:

***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=preprod.procesinfrastructuur.nl, SERIALNUMBER=00000004003214345001, OU=Servicemanagement, O=Logius, C=NL
  Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11

  Key:  Sun RSA public key, 2048 bits
  modulus: 18249182214419149210

But still the error... Here is the start where it goes wrong:

*** Finished
verify_data:  { 59, 116, 38, 62, 216, 102, 26, 110, 22, 125, 51, 1 }
***
[write] MD5 and SHA1 hashes:  len = 16
0000: 14 00 00 0C 3B 74 26 3E   D8 66 1A 6E 16 7D 33 01  ....;t&>.f.n..3.
Padded plaintext before ENCRYPTION:  len = 48
0000: 14 00 00 0C 3B 74 26 3E   D8 66 1A 6E 16 7D 33 01  ....;t&>.f.n..3.
0010: 8A 2A 7E 60 F1 86 96 DE   EA 49 27 77 62 02 1D 94  .*.`.....I'wb...
0020: C5 7C C3 99 0B 0B 0B 0B   0B 0B 0B 0B 0B 0B 0B 0B  ................
main, WRITE: TLSv1 Handshake, length = 48
[Raw write]: length = 53
0000: 16 03 01 00 30 DF 9C 60   94 78 FB C9 E4 B7 F9 91  ....0..`.x......
0010: 22 C0 FB 52 A9 0D 69 AB   A5 9E F7 E0 9F DA AF 1F  "..R..i.........
0020: B8 D7 22 D7 29 20 12 9C   EF 23 16 41 D9 80 B8 F7  ..".) ...#.A....
0030: DA 78 BB E7 E9                                     .x...
[Raw read]: length = 5
0000: 15 03 01 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
1
Far too much irrelevant information in your log file. Reduce it to the essentials and post it here. Edit it into your question. – user207421
Thanks for the suggestion. I will try different options for the javax.net.debug. – tibi
Is this problem resolved? – The_Fox

1 Answer

0
votes

The service seemed to have a wrong WSDL. After an improved WSDL was provided, I could proceed.

So take care the WSDL is good!