All geek questions in one place

SSLHandshake exception when connecting to https site

I am trying to write an https site via jmeter (version 2.13, java version 1.8u31) and I get an SSLHandshakeException when connecting to the https site. Error message

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2011)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1113)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1363)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1391)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1375)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:436)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:180)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:294)
    at org.apache.jmeter.protocol.http.sampler.MeasuringConnectionManager$MeasuredConnection.open(MeasuringConnectionManager.java:107)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:643)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:479)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:906)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:805)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.executeRequest(HTTPHC4Impl.java:517)
    at org.apache.jmeter.protocol.http.sampler.HTTPHC4Impl.sample(HTTPHC4Impl.java:331)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerProxy.sample(HTTPSamplerProxy.java:74)
    at org.apache.jmeter.protocol.http.sampler.HTTPSamplerBase.sample(HTTPSamplerBase.java:1146)
    at org.apache.jmeter.protocol.http.proxy.Proxy.run(Proxy.java:240)

I turned on debug logging for SSL, but I could not understand the root cause. It seems that the java client sends ClientHello but does not receive the ServerHello message ( where the server selects the highest version of SSL and the best cipher suite that the client and server support and send this information to the client). I see the differences between protocol versions that are sent, read and received by the client (TLSv1.1 vs TLSv1.2)

Is this the main reason? If so, how can I fix this?

- Java SSLHandshakeException Logs - Pastebin.com

@Anand Bhatt, ssllabs

  • TLSv1.2, java 8
  • - TLS_RSA_WITH_AES_256_CBC_SHA
  • Java 8u31 , , , , .

? , java 8 , ?

+4
1

SSLlabs, -, " ". Java crypto crock, 1990- , , JRE ( JDK), Sun-Oracle, 256 , . " JCE Unlimited Strength " Java () ; 8 http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. README , jar JRE/lib/security.

TLSv1.2 . TLS , ( ) . Java 8 SSLv3, TLSv1.0, TLSv1.1 TLSv1.2, (8u31 7u75 ) SSLv3 - POODLE; , , . (Java 7 , 1.1 1.2 - .)

- POODLE BEAST SSLv3 TLSv1.0 ; , https://security.stackexchange.com/a/87077/39571. TLSv1.2 1,1, , , ; 1.2 (, , ), . , RSA, , .

keytool ( , ) . , , CA ( , ) JRE / , / SSL/TLS, . ( - - , , HTTP, ). SSLLabs ( ), , , Java, , .

+6

Source: https://habr.com/ru/post/1588992/

More articles:


All Articles