Received fatal alert: handshake_failure through SSLHandshakeException

0 votes

I have a problem with authorized SSL connection. I have created Struts Action that connects to external server with Client Authorized SSL certificate. In my Action I am trying to send some data to bank server but without any luck, because I have as a result from server the following error:

error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

My Method from my Action class that sends data to server

//Getting external IP from host
    URL whatismyip = new URL("http://automation.whatismyip.com/n09230945.asp");
    BufferedReader inIP = new BufferedReader(new InputStreamReader(whatismyip.openStream()));

    String IPStr = inIP.readLine(); //IP as a String

    Merchant merchant;

    System.out.println("amount: " + amount + ", currency: " + currency + ", clientIp: " + IPStr + ", description: " + description);

    try {

        merchant = new Merchant(context.getRealPath("/") + "merchant.properties");

    } catch (ConfigurationException e) {

        Logger.getLogger(HomeAction.class.getName()).log(Level.INFO, "message", e);
        System.err.println("error: " + e.getMessage());
        return ERROR;
    }

    String result = merchant.sendTransData(amount, currency, IPStr, description);

    System.out.println("result: " + result);

    return SUCCESS;

My merchant.properties file:

bank.server.url=https://-servernameandport-/
https.cipher=-cipher-

keystore.file=-key-.jks
keystore.type=JKS
keystore.password=-password-
ecomm.server.version=2.0

encoding.source=UTF-8
encoding.native=UTF-8

For the first time I thought this is a certificate problem, I converted it from .pfx to .jks, but I have the same error, with no changes.

Dec 5, 2018 in Java by Sushmita
• 6,880 points
749 views

1 answer to this question.

0 votes

On update 51, java 1.8 prohibited[1] RC4 ciphers by default, as we can see on the Release Notes page:

Bug Fix: Prohibit RC4 cipher suites

RC4 is now considered as a compromised cipher.

RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public).

If your server has a strong preference for this cipher (or use only this cipher) this can trigger a handshake_failure on java.

You can test connecting to the server enabling RC4 ciphers (first, try without enabledargument to see if triggers a handshake_failure, then set enabled:

import javax.net.ssl.SSLSocketFactory;
import java.io.*;

import java.util.Arrays;

/** Establish a SSL connection to a host and port, writes a byte and
 * prints the response. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 */
public class SSLRC4Poke {
    public static void main(String[] args) {
        String[] cyphers;
        if (args.length < 2) {
            System.out.println("Usage: "+SSLRC4Poke.class.getName()+" <host> <port> enable");
            System.exit(1);
        }
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));

            cyphers = sslsocketfactory.getSupportedCipherSuites();
            if (args.length ==3){
                sslsocket.setEnabledCipherSuites(new String[]{
                    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                   "SSL_DH_anon_WITH_RC4_128_MD5",
                    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                    "SSL_RSA_WITH_RC4_128_MD5",
                    "SSL_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
                    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_anon_WITH_RC4_128_SHA",
                    "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
                    "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
                    "TLS_KRB5_WITH_RC4_128_MD5",
                    "TLS_KRB5_WITH_RC4_128_SHA"
                });     
            }

            InputStream in = sslsocket.getInputStream();
            OutputStream out = sslsocket.getOutputStream();

            // Write a test byte to get a reaction :)
            out.write(1);

            while (in.available() > 0) {
                System.out.print(in.read());
            }
            System.out.println("Successfully connected");

        } catch (Exception exception) {
 exception.printStackTrace();
        }
    }
}
answered Dec 5, 2018 by Daisy
• 8,050 points

Related Questions In Java

0 votes
0 answers

Ho do I Iterate through a HashMap which contains duplicate values

What is the fastest and the best ...READ MORE

Apr 16, 2018 in Java by Daisy
• 8,050 points
63 views
0 votes
2 answers

Ho do I Iterate through a HashMap which contains duplicate values

for (Map.Entry<String, String> item : params.entrySet()) { ...READ MORE

answered Jul 24, 2018 in Java by samarth295
• 2,190 points
187 views
0 votes
1 answer
0 votes
2 answers

What is the easiest way to iterate through the characters of a string in Java?

There are two approaches to this: for(int i ...READ MORE

answered Aug 19 in Java by Sirajul
• 39,540 points
91 views
0 votes
1 answer

What is ArrayIndexOutOfBoundsException ?

If You check System.out.print(names.length); you will get 3 ...READ MORE

answered May 11, 2018 in Java by sharth
• 3,350 points
93 views
0 votes
1 answer

How can we resolve ClassNotFoundException in Java?

Your classpath is broken. Depending on how you ...READ MORE

answered May 22, 2018 in Java by Akrati
• 3,150 points
79 views
0 votes
1 answer

How to resolve the java.net.ConnectException in Java?

If you are getting java.net.ConnectionException, it means ...READ MORE

answered Jun 4, 2018 in Java by Akrati
• 3,150 points
206 views
+1 vote
1 answer

How can we resolve java.lang.OutOfMemoryError in Java?

Work with smaller batches of HashMap Objects ...READ MORE

answered Jun 5, 2018 in Java by sharth
• 3,350 points
83 views
0 votes
1 answer

How can we handle the javax.net.ssl.SSLHandshakeException?

import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.io.OutputStream; // ...READ MORE

answered Oct 10, 2018 in Java by Daisy
• 8,050 points
182 views
0 votes
1 answer

Access DFS through Java API

It is because, may be you are ...READ MORE

answered Mar 22, 2018 in Big Data Hadoop by nitinrawat895
• 10,730 points
357 views