Received fatal alert handshake failure through SSLHandshakeException

0 votes

I have a problem with authorized SSL connection. I have created Struts Action that connects to external server with Client Authorized SSL certificate. In my Action I am trying to send some data to bank server but without any luck, because I have as a result from server the following error:

error: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

My Method from my Action class that sends data to server

//Getting external IP from host
    URL whatismyip = new URL("http://automation.whatismyip.com/n09230945.asp");
    BufferedReader inIP = new BufferedReader(new InputStreamReader(whatismyip.openStream()));

    String IPStr = inIP.readLine(); //IP as a String

    Merchant merchant;

    System.out.println("amount: " + amount + ", currency: " + currency + ", clientIp: " + IPStr + ", description: " + description);

    try {

        merchant = new Merchant(context.getRealPath("/") + "merchant.properties");

    } catch (ConfigurationException e) {

        Logger.getLogger(HomeAction.class.getName()).log(Level.INFO, "message", e);
        System.err.println("error: " + e.getMessage());
        return ERROR;
    }

    String result = merchant.sendTransData(amount, currency, IPStr, description);

    System.out.println("result: " + result);

    return SUCCESS;

My merchant.properties file:

bank.server.url=https://-servernameandport-/
https.cipher=-cipher-

keystore.file=-key-.jks
keystore.type=JKS
keystore.password=-password-
ecomm.server.version=2.0

encoding.source=UTF-8
encoding.native=UTF-8

For the first time I thought this is a certificate problem, I converted it from .pfx to .jks, but I have the same error, with no changes.

Dec 5, 2018 in Java by Sushmita
• 6,920 points
6,438 views

1 answer to this question.

0 votes

On update 51, java 1.8 prohibited[1] RC4 ciphers by default, as we can see on the Release Notes page:

Bug Fix: Prohibit RC4 cipher suites

RC4 is now considered as a compromised cipher.

RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods. See JDK-8077109 (not public).

If your server has a strong preference for this cipher (or use only this cipher) this can trigger a handshake_failure on java.

You can test connecting to the server enabling RC4 ciphers (first, try without enabledargument to see if triggers a handshake_failure, then set enabled:

import javax.net.ssl.SSLSocketFactory;
import java.io.*;

import java.util.Arrays;

/** Establish a SSL connection to a host and port, writes a byte and
 * prints the response. See
 * http://confluence.atlassian.com/display/JIRA/Connecting+to+SSL+services
 */
public class SSLRC4Poke {
    public static void main(String[] args) {
        String[] cyphers;
        if (args.length < 2) {
            System.out.println("Usage: "+SSLRC4Poke.class.getName()+" <host> <port> enable");
            System.exit(1);
        }
        try {
            SSLSocketFactory sslsocketfactory = (SSLSocketFactory) SSLSocketFactory.getDefault();
            SSLSocket sslsocket = (SSLSocket) sslsocketfactory.createSocket(args[0], Integer.parseInt(args[1]));

            cyphers = sslsocketfactory.getSupportedCipherSuites();
            if (args.length ==3){
                sslsocket.setEnabledCipherSuites(new String[]{
                    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
                   "SSL_DH_anon_WITH_RC4_128_MD5",
                    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
                    "SSL_RSA_WITH_RC4_128_MD5",
                    "SSL_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
                    "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_ECDSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_RSA_WITH_RC4_128_SHA",
                    "TLS_ECDH_anon_WITH_RC4_128_SHA",
                    "TLS_KRB5_EXPORT_WITH_RC4_40_MD5",
                    "TLS_KRB5_EXPORT_WITH_RC4_40_SHA",
                    "TLS_KRB5_WITH_RC4_128_MD5",
                    "TLS_KRB5_WITH_RC4_128_SHA"
                });     
            }

            InputStream in = sslsocket.getInputStream();
            OutputStream out = sslsocket.getOutputStream();

            // Write a test byte to get a reaction :)
            out.write(1);

            while (in.available() > 0) {
                System.out.print(in.read());
            }
            System.out.println("Successfully connected");

        } catch (Exception exception) {
 exception.printStackTrace();
        }
    }
}
answered Dec 5, 2018 by Daisy
• 8,140 points

Related Questions In Java

0 votes
0 answers

Ho do I Iterate through a HashMap which contains duplicate values

What is the fastest and the best ...READ MORE

Apr 16, 2018 in Java by Daisy
• 8,140 points
811 views
0 votes
2 answers

Ho do I Iterate through a HashMap which contains duplicate values

for (Map.Entry<String, String> item : params.entrySet()) { ...READ MORE

answered Jul 24, 2018 in Java by samarth295
• 2,220 points
5,293 views
0 votes
1 answer
0 votes
2 answers

What is the easiest way to iterate through the characters of a string in Java?

There are two approaches to this: for(int i ...READ MORE

answered Aug 19, 2019 in Java by Sirajul
• 59,230 points
1,851 views
0 votes
1 answer

Error:javax.net.ssl.SSLHandshakeException Error?

Hello @kartik, First, you need to obtain the ...READ MORE

answered May 21, 2020 in Java by Niroj
• 82,840 points
2,005 views
0 votes
1 answer

What is ArrayIndexOutOfBoundsException ?

If You check System.out.print(names.length); you will get 3 ...READ MORE

answered May 11, 2018 in Java by sharth
• 3,370 points
955 views
0 votes
1 answer

How can we resolve ClassNotFoundException in Java?

Your classpath is broken. Depending on how you ...READ MORE

answered May 22, 2018 in Java by Akrati
• 3,190 points
1,239 views
0 votes
1 answer

How to resolve the java.net.ConnectException in Java?

If you are getting java.net.ConnectionException, it means ...READ MORE

answered Jun 4, 2018 in Java by Akrati
• 3,190 points
2,259 views
+1 vote
1 answer

How can we resolve java.lang.OutOfMemoryError in Java?

Work with smaller batches of HashMap Objects ...READ MORE

answered Jun 5, 2018 in Java by sharth
• 3,370 points
1,006 views
0 votes
1 answer

How can we handle the javax.net.ssl.SSLHandshakeException?

import javax.net.ssl.HttpsURLConnection; import javax.net.ssl.SSLContext; import javax.net.ssl.TrustManager; import javax.net.ssl.X509TrustManager; import java.io.OutputStream; // ...READ MORE

answered Oct 10, 2018 in Java by Daisy
• 8,140 points
2,579 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP