I am setting SSLv3 in tomcat v8.5 server.xml file using Nio Protocol and using Java 1.8. When i hit the request from IE ,i am getting response, but through a java code i am getting exception as below.
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
I updated the development.properties which is in users/db8/Appdata/LocalLow/sun/java/deployment/deployment.properties (deployment.security.SSLv3=true) and i removed SSLv3 from java.security file. I enabled sslv3 in Internet Explorer.
server.xml
<Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
port="8443" maxThreads="200" scheme="https" secure="true"
SSLEnabled="true" keystoreFile="keystore.jks" keystorePass="changeit"
clientAuth="false" sslProtocol="SSLv3" />
java code
import java.net.URL;
import java.io.*;
import javax.net.ssl.HttpsURLConnection;
import java.net.HttpURLConnection;
public class JavaHttpsExample
{
public static void main(String[] args) throws Exception {
String certificatesTrustStorePath = "keystore.jks";
System.setProperty("javax.net.ssl.trustStore",
certificatesTrustStorePath);
System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
System.setProperty("https.protocols", "SSLv3");
System.setProperty("jdk.tls.client.protocols", "SSLv3");
String httpsURL = "https://ip:8443/test/getData";
URL myUrl = new URL(httpsURL);
HttpsURLConnection conn = (HttpsURLConnection)myUrl.openConnection();
try{
InputStream is = conn.getInputStream();
InputStreamReader isr = new InputStreamReader(is);
BufferedReader br = new BufferedReader(isr);
String inputLine;
while ((inputLine = br.readLine()) != null) {
System.out.println(inputLine);
}
br.close();
} catch(Exception e){
System.out.println("exxception"+e);
}
}
}
I am adding the result after updating debug = all
Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false main, setSoTimeout(0) called %% No cached client session update handshake state: client_hello[1] upcoming handshake states: server_hello[2] *** ClientHello, SSLv3 RandomCookie: GMT: 1547297410 bytes = { 170, 53, 106, 27, 73, 55, 4, 39, 195, 152, 66, 1, 124, 244, 6, 114, 106, 181, 46, 183, 184, 202, 56, 105, 225, 158, 210, 195 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed]
main, WRITE: SSLv3 Handshake, length = 107 main, READ: SSLv3 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure exxceptionjavax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
-Djavax.net.debug=all
, you can get a clue for why the ssl handshake fails. Also instead of usingSystem.getProperty()
provide all the ssl config. details in the java command line. – Ramesh Subramanian