Skip to Main Content
Forums

Java APIs

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

RMI + SSL fatal alert: handshake_failure

843793Jul 22 2007 — edited Aug 24 2007
Hi all,

I have been looking for a solution to this problem, and possibly a little guidance for
about a week now in regards to using an applet to communicate with a server using RMI through SSL.

I am down to what (touch wood) is my last error before my test program works.

This error doesn't occur when the applet loads up (I fixed that prob by manually
assigning the truststore and keystore to a TrustManager and KeyManager),
rather it happens when my actionlistener tries to invoke a remote method.

Here is the error on the client side, and the debug info.

There hasn't been an error thrown on the server side from this point.
AWT-EventQueue-2, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
DBApplet exception :error during JRMP connection establishment; nested exception is: 
	javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
	javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.rmi.transport.tcp.TCPChannel.createConnection(Unknown Source)
	at sun.rmi.transport.tcp.TCPChannel.newConnection(Unknown Source)
	at sun.rmi.server.UnicastRef.invoke(Unknown Source)
	at HelloImpl_Stub.sayHello(Unknown Source)
	at HelloClient.actionPerformed(HelloClient.java:298)
	at javax.swing.AbstractButton.fireActionPerformed(Unknown Source)
	at javax.swing.AbstractButton$Handler.actionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.fireActionPerformed(Unknown Source)
	at javax.swing.DefaultButtonModel.setPressed(Unknown Source)
	at javax.swing.plaf.basic.BasicButtonListener.mouseReleased(Unknown Source)
	at java.awt.Component.processMouseEvent(Unknown Source)
	at javax.swing.JComponent.processMouseEvent(Unknown Source)
	at java.awt.Component.processEvent(Unknown Source)
	at java.awt.Container.processEvent(Unknown Source)
	at java.awt.Component.dispatchEventImpl(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.LightweightDispatcher.retargetMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.processMouseEvent(Unknown Source)
	at java.awt.LightweightDispatcher.dispatchEvent(Unknown Source)
	at java.awt.Container.dispatchEventImpl(Unknown Source)
	at java.awt.Window.dispatchEventImpl(Unknown Source)
	at java.awt.Component.dispatchEvent(Unknown Source)
	at java.awt.EventQueue.dispatchEvent(Unknown Source)
	at java.awt.EventDispatchThread.pumpOneEventForFilters(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForFilter(Unknown Source)
	at java.awt.EventDispatchThread.pumpEventsForHierarchy(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.pumpEvents(Unknown Source)
	at java.awt.EventDispatchThread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppOutputStream.write(Unknown Source)
	at java.io.BufferedOutputStream.flushBuffer(Unknown Source)
	at java.io.BufferedOutputStream.flush(Unknown Source)
	at java.io.DataOutputStream.flush(Unknown Source)
	... 30 more

##

i used debug = ssl:handshake,handshake,trustmanager and got this output:

trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296326 bytes = { 171, 217, 194, 136, 95, 85, 213, 39, 236, 208, 168, 92, 100, 173, 201, 227, 226, 117, 25, 219, 22, 133, 247, 202, 220, 91, 226, 103 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
thread applet-applet.class, WRITE: TLSv1 Handshake, length = 45
thread applet-applet.class, READ: TLSv1 Alert, length = 2
thread applet-applet.class, RECV TLSv1 ALERT:  fatal, handshake_failure
thread applet-applet.class, called closeSocket()
thread applet-applet.class, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296326 bytes = { 13, 107, 91, 83, 15, 11, 87, 183, 9, 34, 241, 2, 134, 102, 204, 95, 195, 21, 18, 236, 241, 188, 68, 171, 81, 152, 61, 69 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296327 bytes = { 108, 164, 16, 51, 74, 207, 168, 21, 18, 193, 11, 186, 127, 254, 234, 244, 28, 97, 202, 240, 151, 188, 55, 52, 88, 37, 30, 208 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
Finalizer, called close()
Finalizer, called closeInternal(true)
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296329 bytes = { 227, 215, 193, 27, 29, 178, 135, 108, 151, 81, 199, 217, 177, 5, 80, 42, 57, 107, 82, 164, 7, 94, 24, 122, 144, 23, 78, 226 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296333 bytes = { 202, 140, 90, 154, 54, 71, 99, 99, 4, 64, 4, 8, 102, 96, 248, 185, 194, 236, 149, 120, 2, 156, 128, 94, 245, 2, 76, 241 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Finalizer, called close()
Finalizer, called closeInternal(true)
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296341 bytes = { 172, 30, 228, 134, 127, 3, 99, 112, 4, 54, 6, 162, 72, 5, 176, 234, 234, 208, 123, 166, 224, 30, 224, 17, 204, 93, 90, 11 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
%% No cached client session
*** ClientHello, TLSv1
RandomCookie:  GMT: 1168296357 bytes = { 49, 202, 249, 112, 234, 233, 92, 184, 142, 206, 79, 16, 85, 220, 198, 197, 84, 152, 118, 33, 233, 205, 231, 240, 239, 167, 236, 236 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5]
Compression Methods:  { 0 }
***
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], WRITE: TLSv1 Handshake, length = 45
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], READ: TLSv1 Alert, length = 2
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], RECV TLSv1 ALERT:  fatal, handshake_failure
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], called closeSocket()
RMI RenewClean-[127.0.0.1:51541,javax.rmi.ssl.SslRMIClientSocketFactory@b02efa], handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
A bit of background that may help - I am using a CA signed cert.

I have a keystore called keystore.ks and a truststore called
truststore.ks that has had the export of the keystore imported into it.

I am a little unsure of how I create a client keystore and truststore
or whether I only need a client keystore, or even whether what I have is
enough. I am fairly sure this is part of the problem, though I don't know if
it is the root cause.

I am attempting to use the features mentioned in the paragraph starting
"Now let's export the HelloImpl remote object with the SSL/TLS-based "
in the example here:
http://blogs.sun.com/lmalventosa/entry/using_the_ssl_tls_based

Unfortunately it doesn't involve applets or CA signed keys, so I have had to turn to the forums and
occasionally google, to get me through.

It is at the stage where it authenticates the client with the server initially from what I can tell.
- I was getting an SSL handshake error upon start of the client that has since been resolved and had
a different error message to this one - though I realise the cause could be the same.

I have searched for RECV TLSv1 ALERT: fatal, handshake_failure, and the first line of the error on
here and on google but have come up empty so far.

Thanks in advance,
brendo.
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Sep 21 2007
Added on Jul 22 2007
#remote-method-invocation-rmi
22 comments
3,458 views