Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

RECV TLSv1 ALERT: fatal, handshake_failure in Java 1.7

998079Mar 20 2013 — edited Jun 2 2013
I have two Java applications. Both were originally running Java 1.6. The applications communicate via an HTTPS call. The client is being converted to Java 1.7 while the server is being left at Java 1.6 for now.

When the client is run using Java 1.7 it gets an exception, javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. The client works fine using Java 1.6. The client running on Java 1.7 can communicate with other applications such as https://www.google.com/ without any problem.

The debug log indicates that the client is accepting the server certificate without any problem. It is the server that is sending the handshake_failure response.

The only significant difference I can see between the two logs is that using Java 1.6 client, the server selects the SSL_RSA_WITH_RC4_128_MD5 cipher suite while with the Java 1.7 client the server selects the TLS_RSA_WITH_AES_256_CBC_SHA cipher suite.

I can re-create the problem using a simple program and running it twice, once with Java 1.6 and once with Java 1.7.

package testhttps;

import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.net.URLConnection;

public class Main {
private static final String JAVA_VERSION = "java.version";
private static final String JAVAX_NET_DEBUG = "javax.net.debug";
private static final String JAVAX_NET_SSL_TRUSTSTORE = "javax.net.ssl.trustStore";

private static final String DEBUG_OPTS = "ssl,handshake";
private static final String LOCAL_KS = "C:/Users/USER/Desktop/SERVERcert";
private static final String LOCAL_URL = "https://SERVER/invoke/tools.employees.apps:APPNAME";
private static final String GOOGLE_URL = "https://www.google.com/";

public static void main(String[] args) throws IOException {
System.out.println("Java Version: " + System.getProperty(JAVA_VERSION));
printSep();
System.setProperty(JAVAX_NET_DEBUG, DEBUG_OPTS);
System.setProperty(JAVAX_NET_SSL_TRUSTSTORE, LOCAL_KS);
runTest(LOCAL_URL);
printSep();
runTest(GOOGLE_URL);
}

private static void printSep() {
System.out.println("----------------------------------------");
System.out.println();
}

private static void runTest(String urlStr) {
System.out.println("URL: " + urlStr);
System.out.println();
try {
URL url = new URL(urlStr);
URLConnection connection = url.openConnection();
connection.connect();
InputStream stream = connection.getInputStream();
while (true) {
int n = stream.read();
if (n == -1)
break;
System.out.write(n);
}
stream.close();
System.out.println();
} catch (IOException e) {
System.out.println();
e.printStackTrace();
}
}
}
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Jun 30 2013
Added on Mar 20 2013
#java-secure-socket-extension-jsse
7 comments
58,803 views