0

I have two questions,

1) I am getting the following exception while trying to connect to a server in JDK 1.7

javax.net.ssl.SSLProtocolException: Protocol violation: server sent a server key exchangemessage for key exchange RSA

The server supports the following protocols - TLS_RSA_WITH_AES_256_CBC_SHA and TLS_RSA_WITH_AES_128_CBC_SHA

2) I just saw the following link,

Is TLS_RSA_WITH_3DES_EDE_CBC_SHA equivalent to SSL_RSA_WITH_3DES_EDE_CBC_SHA

which explains TLS_RSA_WITH_3DES_EDE_CBC_SHA and SSL_RSA_WITH_3DES_EDE_CBC_SHA are equivalent.

But I find that when the server supports "TLS_RSA_WITH_3DES_EDE_CBC_SHA" while connecting to it (JDK1.7) this Cipher Suite isn't getting selected and my connection to the site is failing.

On a additional note, I am using Apache's httpclient to connect.

Community
  • 1
  • 1
Uthra
  • 115
  • 1
  • 2
  • 8

1 Answers1

1

This is a good link which shows what Java 1.7 supports: https://www.ssllabs.com/ssltest/viewClient.html?name=Java&version=7u25

One of your protocols (TLS_RSA_WITH_AES_128_CBC_SHA) is accepted by Java 1.7 but only for TLSv1.0 or below. Might be worth checking if the server had turned off support if this and only supports TLSv1.1 or TLSv1.2? You can use the server test in the same site to check this.

If it is that then you need to upgrade to Java 8. Which is probably something you should consider anyway if using SSL/TLS for your Java app since PCI has mandated turning off TLSv1.0 so this will become more and more of an issue.

Barry Pollard
  • 40,655
  • 7
  • 76
  • 92