Handshake failure with Java when I try to do a POST -


i try contact *** , send data using post.

i use jersey-bundle-1.18.jar have imported eclipse project. code:

    client client = client.create();     webresource webresource = client.resource("https://somesite.com");     multivaluedmap<string, string> map = new multivaluedmapimpl();     map.putsingle("key_name", api_key_name);     map.putsingle("key_value", api_key_value);     map.putsingle("message", "test");     map.putsingle("extension", "+0012345678");     clientresponse response = webresource.type("application/x-www-form-urlencoded")                  .post(clientresponse.class, map); // throws exception here     return response.tostring();

when run code javax.net.ssl.sslhandshakeexception. certificate used site startcom, , don't think ca in java's default truststore, @ not least in java 6, according this poster

i ran program jvm flag -djavax.net.debug=all , got:

trigger seeding of securerandom done seeding securerandom ignoring unavailable cipher suite: tls_ecdhe_rsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_dhe_rsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_ecdh_rsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_dhe_dss_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_dss_with_aes_256_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdh_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_rsa_with_aes_256_cbc_sha256 ignoring unsupported cipher suite: tls_ecdhe_rsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_ecdh_ecdsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_rsa_with_aes_256_cbc_sha256 ignoring unavailable cipher suite: tls_ecdhe_ecdsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_ecdhe_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdhe_ecdsa_with_aes_256_cbc_sha384 ignoring unavailable cipher suite: tls_dhe_dss_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_ecdh_rsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_ecdhe_ecdsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdh_ecdsa_with_aes_128_cbc_sha256 ignoring unavailable cipher suite: tls_ecdh_ecdsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_rsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_rsa_with_aes_128_cbc_sha256 allow unsafe renegotiation: false allow legacy hello messages: true initial handshake: true secure renegotiation: false main, setsotimeout(0) called %% no cached client session *** clienthello, tlsv1 randomcookie:  gmt: 1391505439 bytes = { 186, 52, 225, 5, 67, 137, 170, 128, 220, 41, 178, 86, 199, 17, 150, 190, 23, 47, 217, 126, 162, 34, 68, 40, 216, 221, 193, 108 } session id:  {} cipher suites: [tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_ecdh_ecdsa_with_aes_128_cbc_sha, tls_ecdh_rsa_with_aes_128_cbc_sha, tls_dhe_rsa_with_aes_128_cbc_sha, tls_dhe_dss_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_rc4_128_sha, tls_ecdhe_rsa_with_rc4_128_sha, ssl_rsa_with_rc4_128_sha, tls_ecdh_ecdsa_with_rc4_128_sha, tls_ecdh_rsa_with_rc4_128_sha, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, ssl_rsa_with_3des_ede_cbc_sha, tls_ecdh_ecdsa_with_3des_ede_cbc_sha, tls_ecdh_rsa_with_3des_ede_cbc_sha, ssl_dhe_rsa_with_3des_ede_cbc_sha, ssl_dhe_dss_with_3des_ede_cbc_sha, ssl_rsa_with_rc4_128_md5, tls_empty_renegotiation_info_scsv] compression methods:  { 0 } extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} extension ec_point_formats, formats: [uncompressed] extension server_name, server_name: [host_name: ***] *** [write] md5 , sha1 hashes:  len = 176 0000: 01 00 00 ac 03 01 53 f1   b0 1f ba 34 e1 05 43 89  ......s....4..c. 0010: aa 80 dc 29 b2 56 c7 11   96 17 2f d9 7e a2 22  ...).v...../..." 0020: 44 28 d8 dd c1 6c 00 00   2a c0 09 c0 13 00 2f c0  d(...l..*...../. 0030: 04 c0 0e 00 33 00 32 c0   07 c0 11 00 05 c0 02 c0  ....3.2......... 0040: 0c c0 08 c0 12 00 0a c0   03 c0 0d 00 16 00 13 00  ................ 0050: 04 00 ff 01 00 00 59 00   0a 00 34 00 32 00 17 00  ......y...4.2... 0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0a 00  ................ 0070: 18 00 0b 00 0c 00 19 00   0d 00 0e 00 0f 00 10 00  ................ 0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................ main, write: tlsv1 handshake, length = 176 [raw write]: length = 181 0000: 16 03 01 00 b0 01 00 00   ac 03 01 53 f1 b0 1f ba  ...........s.... 0010: 34 e1 05 43 89 aa 80 dc   29 b2 56 c7 11 96 17  4..c....).v..... 0020: 2f d9 7e a2 22 44 28 d8   dd c1 6c 00 00 2a c0 09  /..."d(...l..*.. 0030: c0 13 00 2f c0 04 c0 0e   00 33 00 32 c0 07 c0 11  .../.....3.2.... 0040: 00 05 c0 02 c0 0c c0 08   c0 12 00 0a c0 03 c0 0d  ................ 0050: 00 16 00 13 00 04 00 ff   01 00 00 59 00 0a 00 34  ...........y...4 0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2.............. 0070: 00 09 00 0a 00 18 00 0b   00 0c 00 19 00 0d 00 0e  ................ 0080: 00 0f 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................ 0090: 00 08 00 16 00 0b 00 02   01 00 00 00 00 17 00 15  ................ [raw read]: length = 5 0000: 15 03 01 00 02                                     ..... [raw read]: length = 2 0000: 02 28                                              .( main, read: tlsv1 alert, length = 2 main, recv tlsv1 alert:  fatal, handshake_failure main, called closesocket() main, handling exception: javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure main, called close() main, called closeinternal(true) exception in thread "main" com.sun.jersey.api.client.clienthandlerexception: javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure

what's wrong, , how can make work?

edit: mentioned below, downloaded java cryptography extension (jce) unlimited strength jurisdiction policy files, java 7, since version of java i'm using , copied jar files /lib/security per instructions.

i ran program again, , got stuck @ exception. i've copied couple of rows eclipse console:

%% invalidated: [session-1, tls_ecdhe_rsa_with_aes_256_cbc_sha] main, send tlsv1 alert: fatal, description = certificate_unknown main, write: tlsv1 alert, length = 2 [raw write]: length = 7 0000: 15 03 01 00 02 02 2e ....... main, called closesocket() main, handling exception: javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target

this time, seems startcom certificate in java's truststore missing @ last. i'm sure it's possible overcome problem, since consider deploy code jar file can used other people, don't think it's feasible solution let people replace jce policy files in order use library.

i bit nonplussed when first encountered error because had executed same code before successful results, when think it, used openjdk , not oracle's proprietary jdk. when used openjdk didn't had encryption problem either. so, seems i've 2 bad choices here:

1). force users switch java development kit openjdk, or service/library won't work.

2). force users replace jce policy files of jre , import startcom certificate java's keystore, e.g using keytool, or maybe load certificate during runtime?

is correct?

edit2:

here's how created own truststore certificates available @ http://www.startssl.com/certs/ca-bundle.crt

try {     // read certificate bundle disk     certificatefactory cf = certificatefactory.getinstance("x.509");     certificate ca = cf.generatecertificate(getclass().getresourceasstream("ca-bundle.crt")); // file ca-bundle.crt should in same folder .java files     // create keystore containing our trusted cas     keystore keystore = keystore.getinstance(keystore.getdefaulttype());     keystore.load(null, null);     keystore.setcertificateentry("ca", ca);     // create truststore trusts cas in our keystore     trustmanagerfactory tmf = trustmanagerfactory.getinstance(trustmanagerfactory.getdefaultalgorithm());     tmf.init(keystore);     // create sslcontext uses our trustmanager     sslcontext = sslcontext.getinstance("tls");     sslcontext.init(null, tmf.gettrustmanagers(), null); } catch (certificateexception | keystoreexception | nosuchalgorithmexception | keymanagementexception | ioexception e) {         e.printstacktrace(); }

it's possible communicate server securely. can create httpclient custom sslcontext this:

closeablehttpclient client = httpclients.custom().setsslcontext(sslcontext).build();

update java cryptography extension:

java 6 http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

java 7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

the default jre comes limited cryptographic strength because of law.

edit: seems root ca certificate of startcom isn't in java trusted ca. add using openssl cacerts in jre (see digital certificate: how import .cer file in .truststore file).

you building library, put notice somewhere in txt file (readme, howto, faq, ...) people problem same root ac certificate.


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv&quo
Read more

javascript - Highcharts multi-color line -

Image
i looking create highchart multi-colored line. if goes down under value, become red, , when comes on value, become green . here picture example: or maybe highcharts have other charts models differentiate high or low level color? you can achieve coloring using lineargradient coloring: color: { lineargradient: { x1: 0, x2: 0, y1: 0, y2: 1 }, stops: [ [0, 'red'], [0.25, 'yellow'], [0.50, 'green'], [0.75, 'yellow'], [1, 'red'] ] } here 0 in stops relates minimum value of series , 1 maximum value, , in between percentages between values. if find percentages according values prior creating chart use correct stops values make relate specific values in data (at least approximately). see this jsfiddle example .
Read more

javascript - Enter key does not work in search box -

tried search guys sorry. input in search box doesnt work (or search) when hit enter when user clicks search button. doing wrong? here code. thanks. <script type="text/javascript"> $(document).ready(function() { $("#submit").click(function() { var url = "http://asla.org/awardssearch.html"; url += "?s=" + $('#googlecse').val(); window.location = url; }); $('#googlecse').keydown(function(event) { if (event.keycode == '13') { $("#submit").click(); } else { //do nothing :) } }); }); </script> <form class="navbar-form navbar-right" role="search"> <div class="search"> <input id="googlecse" type="text" onblur="if(this.value=='')this.value=this.defaultvalue;" onfocus="if(this.value==this.defaultvalue)t
Read more