stackoom
  简体   繁体   中英

Jboss - handshake failure - client connection using TLSv1.1 instead of TLSv1.2

 原文  2016-07-04 16:04:36       java/ jboss/ java-7

Question

I have a jboss version Version 6.3.0.GA , using java version 1.7.0_71 My collegues on remote server changes allowed TLS protocol from 1.1 to 1.2, and now i have to update my client (deployed in jboss). The problem is that after this change i receive: 

faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

In ssl debug i see: 

5:22:43,921 INFO  [stdout] (http-/0.0.0.0:8080-1) *** ClientHello, TLSv1
15:22:43,923 INFO  [stdout] (http-/0.0.0.0:8080-1) RandomCookie:  GMT: 1467638563 bytes = { 250, 245, 94, 108, 232, 16, 43, 124, 53, 95, 38, 104, 249, 96, 71, 207, 230, 7, 84, 183, 41, 224, 63, 213, 186, 7, 179, 255 }
15:22:43,923 INFO  [stdout] (http-/0.0.0.0:8080-1) Session ID:  {}
15:22:43,923 INFO  [stdout] (http-/0.0.0.0:8080-1) Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
15:22:43,924 INFO  [stdout] (http-/0.0.0.0:8080-1) Compression Methods:  { 0 }
15:22:43,924 INFO  [stdout] (http-/0.0.0.0:8080-1) Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
15:22:43,924 INFO  [stdout] (http-/0.0.0.0:8080-1) Extension ec_point_formats, formats: [uncompressed]
15:22:43,925 INFO  [stdout] (http-/0.0.0.0:8080-1) Extension server_name, server_name: [host_name: cxg7d.test.centurylink.com]
15:22:43,925 INFO  [stdout] (http-/0.0.0.0:8080-1) ***
15:22:43,925 INFO  [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, WRITE: TLSv1 Handshake, length = 184
15:22:43,958 INFO  [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, READ: TLSv1.2 Alert, length = 2
15:22:43,959 INFO  [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, RECV TLSv1 ALERT:  fatal, handshake_failure
15:22:43,959 INFO  [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, called closeSocket()
15:22:43,960 INFO  [stdout] (http-/0.0.0.0:8080-1) http-/0.0.0.0:8080-1, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
15:22:43,963 ERROR [stderr] (http-/0.0.0.0:8080-1) AxisFault
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1)  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.userException
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1)  faultSubcode: 
15:22:43,964 ERROR [stderr] (http-/0.0.0.0:8080-1)  faultString: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Even after below change has been applied

1 - updated the "standalone.xml" with below values 

<system-properties>
    <property name="https.protocols" value="TLSv1.2"/>
</system-properties>

2 - added below JAVA Options to server start: 

-Djavax.net.debug=all -Ddeployment.security.TLSv1.2=true -Ddeployment.security.TLSv1.2=true -Ddeployment.security.TLSv1=false -Dhttps.protocols=TLSv1.2

3 - Changed graphically the protocols in java console JDK control panel

but nothing handshake still exists. I suppose that the error is on "Client Hello" that still use TLSv1 instead of 1.2 . Do youhave any suggestion to force this value? S.

1 answers

solution1
 0  2016-07-05 13:32:56

No way to force TLSv1.2 for Java 1.7.0_71 using properties file. The only way that worked is to add the following java code into program: 

socket.setEnabledProtocols(new String[] {"SSLv2Hello", "TLSv1", "TLSv1.1", "TLSv1.2"});

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Android TLSv1.2 handshake_failure How to make Glassfish 4.0 WebService use TLSv1.1 or TLSv1.2 HttpClientBuilder is using TLSv1.2 instead of TLSv1 Java 7 with TLSv1.2 connect to LDAPS handshake failure TLSv1.2 with Java 7 and Wildlfy 8 - handshake_failure Java 8 RECV TLSv1.2 ALERT: fatal, handshake_failure TLSv1.2 PC => Android 5.0.2 handshake_failure Java Server, TLSv1.1 fast, TLSv1.2 extremely slow (90MByte/sec versus 4MByte/sec) Generating a self signed certificate using TLSv1.2 or 1.1 Tomcat application as a client to another server using TLSv1.2
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM