Handshake failure with Java when I try to do a POST -


i try contact *** , send data using post.

i use jersey-bundle-1.18.jar have imported eclipse project. code:

    client client = client.create();     webresource webresource = client.resource("https://somesite.com");     multivaluedmap<string, string> map = new multivaluedmapimpl();     map.putsingle("key_name", api_key_name);     map.putsingle("key_value", api_key_value);     map.putsingle("message", "test");     map.putsingle("extension", "+0012345678");     clientresponse response = webresource.type("application/x-www-form-urlencoded")                  .post(clientresponse.class, map); // throws exception here     return response.tostring();

when run code javax.net.ssl.sslhandshakeexception. certificate used site startcom, , don't think ca in java's default truststore, @ not least in java 6, according this poster

i ran program jvm flag -djavax.net.debug=all , got:

trigger seeding of securerandom done seeding securerandom ignoring unavailable cipher suite: tls_ecdhe_rsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_dhe_rsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_ecdh_rsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_dhe_dss_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_dss_with_aes_256_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdh_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_dhe_rsa_with_aes_256_cbc_sha256 ignoring unsupported cipher suite: tls_ecdhe_rsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_ecdh_ecdsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_rsa_with_aes_256_cbc_sha256 ignoring unavailable cipher suite: tls_ecdhe_ecdsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_ecdhe_rsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdhe_ecdsa_with_aes_256_cbc_sha384 ignoring unavailable cipher suite: tls_dhe_dss_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_ecdh_rsa_with_aes_256_cbc_sha384 ignoring unsupported cipher suite: tls_ecdhe_ecdsa_with_aes_128_cbc_sha256 ignoring unsupported cipher suite: tls_ecdh_ecdsa_with_aes_128_cbc_sha256 ignoring unavailable cipher suite: tls_ecdh_ecdsa_with_aes_256_cbc_sha ignoring unavailable cipher suite: tls_rsa_with_aes_256_cbc_sha ignoring unsupported cipher suite: tls_rsa_with_aes_128_cbc_sha256 allow unsafe renegotiation: false allow legacy hello messages: true initial handshake: true secure renegotiation: false main, setsotimeout(0) called %% no cached client session *** clienthello, tlsv1 randomcookie:  gmt: 1391505439 bytes = { 186, 52, 225, 5, 67, 137, 170, 128, 220, 41, 178, 86, 199, 17, 150, 190, 23, 47, 217, 126, 162, 34, 68, 40, 216, 221, 193, 108 } session id:  {} cipher suites: [tls_ecdhe_ecdsa_with_aes_128_cbc_sha, tls_ecdhe_rsa_with_aes_128_cbc_sha, tls_rsa_with_aes_128_cbc_sha, tls_ecdh_ecdsa_with_aes_128_cbc_sha, tls_ecdh_rsa_with_aes_128_cbc_sha, tls_dhe_rsa_with_aes_128_cbc_sha, tls_dhe_dss_with_aes_128_cbc_sha, tls_ecdhe_ecdsa_with_rc4_128_sha, tls_ecdhe_rsa_with_rc4_128_sha, ssl_rsa_with_rc4_128_sha, tls_ecdh_ecdsa_with_rc4_128_sha, tls_ecdh_rsa_with_rc4_128_sha, tls_ecdhe_ecdsa_with_3des_ede_cbc_sha, tls_ecdhe_rsa_with_3des_ede_cbc_sha, ssl_rsa_with_3des_ede_cbc_sha, tls_ecdh_ecdsa_with_3des_ede_cbc_sha, tls_ecdh_rsa_with_3des_ede_cbc_sha, ssl_dhe_rsa_with_3des_ede_cbc_sha, ssl_dhe_dss_with_3des_ede_cbc_sha, ssl_rsa_with_rc4_128_md5, tls_empty_renegotiation_info_scsv] compression methods:  { 0 } extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} extension ec_point_formats, formats: [uncompressed] extension server_name, server_name: [host_name: ***] *** [write] md5 , sha1 hashes:  len = 176 0000: 01 00 00 ac 03 01 53 f1   b0 1f ba 34 e1 05 43 89  ......s....4..c. 0010: aa 80 dc 29 b2 56 c7 11   96 17 2f d9 7e a2 22  ...).v...../..." 0020: 44 28 d8 dd c1 6c 00 00   2a c0 09 c0 13 00 2f c0  d(...l..*...../. 0030: 04 c0 0e 00 33 00 32 c0   07 c0 11 00 05 c0 02 c0  ....3.2......... 0040: 0c c0 08 c0 12 00 0a c0   03 c0 0d 00 16 00 13 00  ................ 0050: 04 00 ff 01 00 00 59 00   0a 00 34 00 32 00 17 00  ......y...4.2... 0060: 01 00 03 00 13 00 15 00   06 00 07 00 09 00 0a 00  ................ 0070: 18 00 0b 00 0c 00 19 00   0d 00 0e 00 0f 00 10 00  ................ 0080: 11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00  ................ main, write: tlsv1 handshake, length = 176 [raw write]: length = 181 0000: 16 03 01 00 b0 01 00 00   ac 03 01 53 f1 b0 1f ba  ...........s.... 0010: 34 e1 05 43 89 aa 80 dc   29 b2 56 c7 11 96 17  4..c....).v..... 0020: 2f d9 7e a2 22 44 28 d8   dd c1 6c 00 00 2a c0 09  /..."d(...l..*.. 0030: c0 13 00 2f c0 04 c0 0e   00 33 00 32 c0 07 c0 11  .../.....3.2.... 0040: 00 05 c0 02 c0 0c c0 08   c0 12 00 0a c0 03 c0 0d  ................ 0050: 00 16 00 13 00 04 00 ff   01 00 00 59 00 0a 00 34  ...........y...4 0060: 00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07  .2.............. 0070: 00 09 00 0a 00 18 00 0b   00 0c 00 19 00 0d 00 0e  ................ 0080: 00 0f 00 10 00 11 00 02   00 12 00 04 00 05 00 14  ................ 0090: 00 08 00 16 00 0b 00 02   01 00 00 00 00 17 00 15  ................ [raw read]: length = 5 0000: 15 03 01 00 02                                     ..... [raw read]: length = 2 0000: 02 28                                              .( main, read: tlsv1 alert, length = 2 main, recv tlsv1 alert:  fatal, handshake_failure main, called closesocket() main, handling exception: javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure main, called close() main, called closeinternal(true) exception in thread "main" com.sun.jersey.api.client.clienthandlerexception: javax.net.ssl.sslhandshakeexception: received fatal alert: handshake_failure

what's wrong, , how can make work?

edit: mentioned below, downloaded java cryptography extension (jce) unlimited strength jurisdiction policy files, java 7, since version of java i'm using , copied jar files /lib/security per instructions.

i ran program again, , got stuck @ exception. i've copied couple of rows eclipse console:

%% invalidated: [session-1, tls_ecdhe_rsa_with_aes_256_cbc_sha] main, send tlsv1 alert: fatal, description = certificate_unknown main, write: tlsv1 alert, length = 2 [raw write]: length = 7 0000: 15 03 01 00 02 02 2e ....... main, called closesocket() main, handling exception: javax.net.ssl.sslhandshakeexception: sun.security.validator.validatorexception: pkix path building failed: sun.security.provider.certpath.suncertpathbuilderexception: unable find valid certification path requested target

this time, seems startcom certificate in java's truststore missing @ last. i'm sure it's possible overcome problem, since consider deploy code jar file can used other people, don't think it's feasible solution let people replace jce policy files in order use library.

i bit nonplussed when first encountered error because had executed same code before successful results, when think it, used openjdk , not oracle's proprietary jdk. when used openjdk didn't had encryption problem either. so, seems i've 2 bad choices here:

1). force users switch java development kit openjdk, or service/library won't work.

2). force users replace jce policy files of jre , import startcom certificate java's keystore, e.g using keytool, or maybe load certificate during runtime?

is correct?

edit2:

here's how created own truststore certificates available @ http://www.startssl.com/certs/ca-bundle.crt

try {     // read certificate bundle disk     certificatefactory cf = certificatefactory.getinstance("x.509");     certificate ca = cf.generatecertificate(getclass().getresourceasstream("ca-bundle.crt")); // file ca-bundle.crt should in same folder .java files     // create keystore containing our trusted cas     keystore keystore = keystore.getinstance(keystore.getdefaulttype());     keystore.load(null, null);     keystore.setcertificateentry("ca", ca);     // create truststore trusts cas in our keystore     trustmanagerfactory tmf = trustmanagerfactory.getinstance(trustmanagerfactory.getdefaultalgorithm());     tmf.init(keystore);     // create sslcontext uses our trustmanager     sslcontext = sslcontext.getinstance("tls");     sslcontext.init(null, tmf.gettrustmanagers(), null); } catch (certificateexception | keystoreexception | nosuchalgorithmexception | keymanagementexception | ioexception e) {         e.printstacktrace(); }

it's possible communicate server securely. can create httpclient custom sslcontext this:

closeablehttpclient client = httpclients.custom().setsslcontext(sslcontext).build();

update java cryptography extension:

java 6 http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

java 7 http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

the default jre comes limited cryptographic strength because of law.

edit: seems root ca certificate of startcom isn't in java trusted ca. add using openssl cacerts in jre (see digital certificate: how import .cer file in .truststore file).

you building library, put notice somewhere in txt file (readme, howto, faq, ...) people problem same root ac certificate.


Comments

Post a Comment

Popular posts from this blog

javascript - Jquery show_hide, what to add in order to make the page scroll to the bottom of the hidden field once button is clicked -

i have button on website when clicked, reveals map. button can seen when page first loads up, when clicked, section holding map slides open , goes out of screen since page loads @ top (normal). want page scroll down bottom of div select when button pushed, if map out of screen. if page scrolled down, , clicks show map button, don't want page jump bottom of map. i tried figure out myself, no luck. seasoned jquery coders able give me guidance? many thanks! map = mapdiv.gmap3("get"); infobox = new infobox({ pixeloffset: new google.maps.size(-220, -310), closeboxurl: '', enableeventpropagation: true }); mapdiv.delegate('.infobox .close','click',function () { infobox.close(); }); jquery(".slidingdiv").hide(); jquery(".show_hide").show(); jquery('.show_hide').click(function(){ lastcenter=map.getcenter(); jquery(".slidingdiv...
Read more

python - Django-cities exits with "killed" -

i trying install django-cities on server 500mb ram. whenever run: manage.py cities the system exits saying killed. trying run: manage.py cities --import=country --force worked, guessing matter of running out of memory. to bypass, tried refer package local copy of cities' data file. still didn't work. any ideas on how can migrate data without having increase memory on server? based on suggestion comments, solved setting temporary swap file. if unfamiliar it, can follow these steps: set swap file touch /var/swap.img chmod 600 /var/swap.img set swap file size cd /var dd if=/dev/zero of=/var/swap.img bs=1024k count=1000 this create 1gb swap file. prepare disk image mkswap /var/swap.img activate swap memory swapon /var/swap.img once done, can turn off swap image: swapoff /var/swap.img more information on virtual memory , swap files can found here: https://www.digitalocean.com/community/tutorials/how-to-configure-virtual-me...
Read more

python - How to get a widget position inside it's layout in Kivy? -

i have gridlayout , added image widgets on after adding of images want draw rectangle in each image using canvas couldn't because don't know exact image widgets positions on gridlayout. code: http://paste.ofcode.org/3bdp9yhjrcrzmsztbu9hqp4 http://paste.ofcode.org/3az3gx4fxzr9dlhe2ami97c in last line of python code : rectangle(pos = (child.x - 2.4, child.y + 467), size = (70, 70)) how draw rectangle in child(my method not good^), also why gridlayout not coming in center after setting it's pos_hint = {"center_x" : .5}? if understand question right, try use such methods to_local() , to_parent() , to_widget() , to_window() . try substract position of gridlayout widgets' positions.
Read more