Using java -version: 1.8.0_171,I am trying to connect to API gateway but getting an SSL handshake_failure with Java 8.Already runed command:
keytool -import -alias yan3 -file NBCO_YM_Root.cer -keystore /usr/jdk/jre/lib/security/cacerts
this is my request code.
OkHttpClient client=new OkHttpClient.Builder()
.connectTimeout(90,TimeUnit.SECONDS)
.readTimeout(90,TimeUnit.SECONDS)
.writeTimeout(90,TimeUnit.SECONDS)
.build();
log.info("SupportedCipherSuites is {} and DefaultCipherSuites is {}",
client.sslSocketFactory().getSupportedCipherSuites(),
client.sslSocketFactory().getDefaultCipherSuites()
);
RequestBody requestBody=new RequestBody() {
@Override
public MediaType contentType() {
return MediaType.parse(contentType);
}
@Override
public void writeTo(BufferedSink sink) throws IOException {
sink.writeString(data,Charset.forName("utf-8"));
}
};
Request request=new Request.Builder()
.url(url)
.post(requestBody).build();
Response okResponse=client.newCall(request).execute();
response=okResponse.body().string();
return response;
log print [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_DH_anon_WITH_AES_256_GCM_SHA384, TLS_DH_anon_WITH_AES_128_GCM_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, TLS_RSA_WITH_NULL_SHA256, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5] and DefaultCipherSuites is [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
When I enabled -Djavax.net.debug=all
I got the below info:
*** ServerHelloDone
[read] MD5 and SHA1 hashes: len = 4
0000: 0E 00 00 00 ....
Warning: no suitable certificate found - continuing without client authentication
*** Certificate chain
<Empty>
***
*** ECDHClientKeyExchange
ECDH Public value: { 4, 102, 174, 65, 31, 164, 120, 177, 145, 20, 194, 229, 169, 146, 135, 72, 51, 133, 74, 46, 248, 110, 104, 154, 217, 12, 21, 84, 186, 80, 122, 237, 224, 3, 46, 164, 118, 211, 60, 131, 74, 182, 7, 186, 14, 42, 161, 155, 115, 99, 130, 76, 45, 122, 220, 150, 246, 56, 145, 226, 217, 216, 75, 124, 120 }
[write] MD5 and SHA1 hashes: len = 77
0000: 0B 00 00 03 00 00 00 10 00 00 42 41 04 66 AE 41 ..........BA.f.A
0010: 1F A4 78 B1 91 14 C2 E5 A9 92 87 48 33 85 4A 2E ..x........H3.J.
0020: F8 6E 68 9A D9 0C 15 54 BA 50 7A ED E0 03 2E A4 .nh....T.Pz.....
0030: 76 D3 3C 83 4A B6 07 BA 0E 2A A1 9B 73 63 82 4C v.<.J....*..sc.L
0040: 2D 7A DC 96 F6 38 91 E2 D9 D8 4B 7C 78 -z...8....K.x
main, WRITE: TLSv1.2 Handshake, length = 77
[Raw write]: length = 82
0000: 16 03 03 00 4D 0B 00 00 03 00 00 00 10 00 00 42 ....M..........B
0010: 41 04 66 AE 41 1F A4 78 B1 91 14 C2 E5 A9 92 87 A.f.A..x........
0020: 48 33 85 4A 2E F8 6E 68 9A D9 0C 15 54 BA 50 7A H3.J..nh....T.Pz
0030: ED E0 03 2E A4 76 D3 3C 83 4A B6 07 BA 0E 2A A1 .....v.<.J....*.
0040: 9B 73 63 82 4C 2D 7A DC 96 F6 38 91 E2 D9 D8 4B .sc.L-z...8....K
0050: 7C 78 .x
SESSION KEYGEN:
PreMaster Secret:
0000: E7 91 B7 33 39 96 BC A7 64 CA 57 72 F0 F3 3D 55 ...39...d.Wr..=U
0010: 8D 92 46 09 14 EC FE 03 4C D4 5D 78 13 D9 71 F8 ..F.....L.]x..q.
CONNECTION KEYGEN:
Client Nonce:
0000: 5C 24 3A 99 79 97 E9 41 09 92 A2 B7 28 BC CF 49 \$:.y..A....(..I
0010: 51 DE 24 08 91 A0 AE 81 85 1C FC 1C 50 6E A6 D9 Q.$.........Pn..
Server Nonce:
0000: D2 E0 11 21 B8 1A 1A 53 9F 29 F3 FE 5F CD D4 9C ...!...S.).._...
0010: 2D 81 F7 A7 99 9A BB E4 CA B4 21 1A F8 F1 26 66 -.........!...&f
Master Secret:
0000: 25 58 06 E2 09 FA BD 3F 5B 95 A0 DA 71 43 E2 37 %X.....?[...qC.7
0010: C5 49 02 7B 8D 34 08 72 61 5B 09 21 D2 65 56 88 .I...4.ra[.!.eV.
0020: A1 CD 53 AB 70 E0 FA 04 CD 9C A3 97 75 BC 77 92 ..S.p.......u.w.
... no MAC keys used for this cipher
Client write key:
0000: 04 D4 E6 FB DF F9 B5 E3 FC CA AD 34 7E 2D EB D0 ...........4.-..
Server write key:
0000: 92 8C CB AA EA 53 9D 5C D7 30 E4 C5 EC 04 0A C5 .....S.\.0......
Client write IV:
0000: ED BC 50 EC ..P.
Server write IV:
0000: 95 3C 80 3C .<.<
main, WRITE: TLSv1.2 Change Cipher Spec, length = 1
[Raw write]: length = 6
0000: 14 03 03 00 01 01 ......
*** Finished
verify_data: { 28, 130, 230, 116, 237, 69, 86, 36, 23, 9, 45, 129 }
***
[write] MD5 and SHA1 hashes: len = 16
0000: 14 00 00 0C 1C 82 E6 74 ED 45 56 24 17 09 2D 81 .......t.EV$..-.
Padded plaintext before ENCRYPTION: len = 16
0000: 14 00 00 0C 1C 82 E6 74 ED 45 56 24 17 09 2D 81 .......t.EV$..-.
main, WRITE: TLSv1.2 Handshake, length = 40
[Raw write]: length = 45
0000: 16 03 03 00 28 00 00 00 00 00 00 00 00 01 41 1B ....(.........A.
0010: 44 6C C3 A5 E1 A8 62 11 C6 85 9F 91 BA 8E 96 1D Dl....b.........
0020: D9 30 07 0D 3B 3E B7 C2 84 5B AD E2 A5 .0..;>...[...
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT: fatal, handshake_failure
%% Invalidated: [Session-1, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256]
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
main, called close()
main, called closeInternal(true)
update
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Supported Signature Algorithms: SHA512withRSA, Unknown (hash:0x6, signature:0x2), SHA512withECDSA, SHA384withRSA, Unknown (hash:0x5, signature:0x2), SHA384withECDSA, SHA256withRSA, SHA256withDSA, SHA256withECDSA, SHA224withRSA, SHA224withDSA, SHA224withECDSA, SHA1withRSA, SHA1withDSA, SHA1withECDSA
Cert Authorities:
<CN=Yandex Money Root CA, O=PS Yandex.Money, C=RU>
<CN=Yandex Money Issuing CA, O=PS Yandex.Money, C=RU>
<CN=NBCO YM Root, O=Yandex.Money, L=Moscow, C=RU>
<CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE>
<CN=GlobalSign Domain Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE>
<CN=thawte DV SSL CA - G2, OU=Domain Validated SSL, O="thawte, Inc.", C=US>
<CN=thawte Primary Root CA, OU="(c) 2006 thawte, Inc. - For authorized use only", OU=Certification Services Division, O="thawte, Inc.", C=US>
<CN=NBCO YM Int, DC=yamoney, DC=ru>