Handshake process of SSL/TLS with javax.net.ssl.SSLHandshakeException:Received fatal Alert:handshake_failure exception

Source: Internet
Author: User
Tags: cipher suite

Reprinted from http://blog.csdn.net/taiyangdao/article/details/54707184

I. Handshake process of SSL/TLS

During the SSL/TLS handshake, the client and the server exchange parameters as follows:

    1. The client offers the cipher suites it supports (each specifying its cryptographic algorithms and hash function)
    2. The server picks one cipher suite that it also supports and tells the client which one the two will use for the data transfer
    3. The server also sends its own digital certificate (containing the server name, the issuing CA and the server's public key) to the client as its identity
    4. The client verifies the validity of the server's digital certificate against the CA
    5. The client generates a session key (all subsequent data transfer between client and server uses this session key)
      • Either it encrypts the session key with the server's public key and sends it to the server
      • Or the client and server derive it with a DH key exchange

II. Analysis of the handshake_failure exception

During SSL/TLS communication between a client and a server, the following exception occurs frequently:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

First, the timing: this exception is raised while the client and the server are still in the handshake, before any application data has been transferred between them.

Reason one: In terms of the handshake process above, this exception often arises at step 4, when the client has received the server's digital certificate and verifies its validity against the CA.

When the client tries to validate the certificate against a trusted CA, it finds that the CA that issued the server's digital certificate is not present in the client's trust store.

Reason two: The exception can also be caused by a mismatch between the SSL/TLS versions used by the client and the server: the server requires a higher TLS version than the client supports.

In that case the following JVM parameter can be set on the client to raise the TLS versions the client offers:

-Dhttps.protocols=TLSv1.2,TLSv1.1,TLSv1,SSLv3,SSLv2Hello

Note that this property only applies to connections made through HttpsURLConnection, and that listing SSLv3 re-enables a protocol that current JDKs disable by default; when the server supports TLSv1.2, listing that version alone is the safer setting.

Both of these causes can be resolved by upgrading the JDK to 1.8: Java 8 enables TLSv1.2 by default, whereas JDK 1.6 does not support TLSv1.2 at all.
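As an added diagnostic (not code from the page or the original blog), the following program checks the two causes above from the client side: it prints the protocols this JVM actually offers, and it records the certificate chain the server presented while leaving the JVM's default trust decision fully in force. It assumes Java 7 or later, network access, and a host name passed on the command line (the default "example.com" is a placeholder).

```java
import javax.net.ssl.*;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;
// Added diagnostic, not from the page or the original blog. Assumes Java 7+ and network access.
public class TlsHandshakeCheck {
    // Wraps the JVM's default trust manager: records the presented chain, then still delegates
    // the real trust decision, so nothing is weakened for the sake of the diagnosis.
    static final class RecordingTrustManager implements X509TrustManager {
        final X509TrustManager delegate;
        X509Certificate[] seenChain;
        RecordingTrustManager(X509TrustManager d) { delegate = d; }
        public void checkClientTrusted(X509Certificate[] c, String a) throws CertificateException { delegate.checkClientTrusted(c, a); }
        public void checkServerTrusted(X509Certificate[] c, String a) throws CertificateException {
            seenChain = c;
            delegate.checkServerTrusted(c, a);
        }
        public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    }
    public static void main(String[] args) throws Exception {
        String host = args.length > 0 ? args[0] : "example.com";   // placeholder host
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);   // null = the JVM's default trust store (cacerts)
        RecordingTrustManager tm = new RecordingTrustManager((X509TrustManager) tmf.getTrustManagers()[0]);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Reason two: what this JVM offers in its ClientHello (TLSv1.2 is absent on JDK 1.6).
            System.out.println("Client offers: " + Arrays.toString(s.getEnabledProtocols()));
            s.startHandshake();
            SSLSession ses = s.getSession();
            System.out.println("Negotiated " + ses.getProtocol() + " with " + ses.getCipherSuite());
        } catch (SSLHandshakeException e) {
            System.out.println("Handshake failed: " + e.getMessage());
        } finally {
            // Reason one: the chain the server presented; it must chain to a trust anchor in cacerts.
            if (tm.seenChain == null) {
                System.out.println("No certificate received: failed before the server's Certificate message"
                        + " (check protocol and cipher suite overlap).");
            } else {
                for (X509Certificate x : tm.seenChain) {
                    System.out.println("  subject=" + x.getSubjectX500Principal() + "  issuer=" + x.getIssuerX500Principal());
                }
            }
        }
    }
}
```

If the chain is printed but the handshake still failed, the issuer of the last certificate is the CA to look for in the client's trust store; if no chain was recorded at all, the failure happened before the server sent its certificate, which points at the protocol or cipher suite mismatch instead.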
