Home > Others

Handshake process of SSL/TLS and javax.net.ssl.SSLHandshakeException:Received fatal alert:handshake_failure anomaly __.net

Source: Internet
Author: User
Tags cipher suite
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

I. The handshake process of SSL/TLS

In the SSL/TLS handshake process, the client and the server need to exchange parameters, the specific process is as follows: The client provides the various cipher suites that it supports (including cryptographic algorithms and hash functions) from which the server chooses itself and supports cipher Suiteand notifies the client that both will be used for this data transfer server simultaneously sends its own digital certificate (including the server name, CA, and public key) as an identifier to the client client to confirm the validity of the server's digital certificate to the CA Client-generated session key (subsequent data transfer between the client and server will use this session key) to send to the server using the server's public key encryption session key or the client can also use the DH key exchange


Two. Handshake_failure Anomaly analysis

The following exceptions often occur during SSL/TLS communication between the client and the server:

Javax.net.ssl.SSLHandshakeException:Received Fatal Alert:handshake_failure

First, the timing of the exception occurs when the client and the server are handshake, and the effective data transfer between the client and the server has not yet begun.

Reason one: In view of the above handshake process, this anomaly often occurs in the 4th step, that is, when the client obtains the server digital certificate, verifies the certificate validity to the CA.

When the client tries to authenticate to a trusted CA, it discovers that the CA referenced by the server's digital certificate does not appear in the client's Trust store.

Reason two: Additionally, the exception may be due to inconsistent ssl/tls versions used by the client and the server. The server uses a high version of TLS, while the client-supported TLS version is low.

At this point, you can set the JVM parameters for the client to improve the TLS version of the client:

-dhttps.protocols=tlsv1.2,tlsv1.1,tlsv1.0,sslv3,sslv2hello

Both of these reasons can be resolved by upgrading JDK to 1.8. Java 8 supports the TLSv1.2 version by default.


This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
tls handshake ssl and tls protocols what is tls handshake tls handshake timeout tls handshake failed test ssl handshake ssl handshake diagram

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More