0

i am trying to connect to Microsoft Exchange server using java ews-api, but i got the error javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Here is the debug ssl log:

keyStore is: C:\java-1.5\jre\lib\security\cacerts
keyStore type is: jks
keyStore provider is: 
init keystore
Installed Providers = 
IBMJSSEProvider2 Build-Level: -20070822
    IBMJCE
    IBMJSSE
    IBMJSSE2
    IBMJGSSProvider
    IBMCertPath
    IBMPKCS11
    IBMCMSProvider
    IBMSPNEGO
JsseJCE:  Using SecureRandom  from provider IBMJCE version 1.2
trigger seeding of SecureRandom
done seeding SecureRandom
JsseJCE:  Using cipher AES/CBC/NoPadding from provider TBD via init 
export control - checking the cipher suites
export control - no cached value available...
export control - storing legal entry into cache...
JsseJCE:  Using MessageDigest MD5 from provider IBMJCE version 1.2
JsseJCE:  Using MessageDigest SHA from provider IBMJCE version 1.2
main, setSoTimeout(100000) called
main, setSoTimeout(100000) called
%% No cached client session
*** ClientHello, SSLv3
RandomCookie:  GMT: 1449681114 bytes = { 48, 102, 180, 175, 129, 63, 170, 2, 130, 244, 218, 252, 192, 115, 133, 152, 34, 81, 111, 194, 71, 38, 133, 182, 113, 139, 96, 237 }
Session ID:  {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_RSA_FIPS_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods:  { 0 }
***
main, WRITE: SSLv3 Handshake, length = 79
main, READ: SSLv3 Alert, length = 2
main, RECV TLSv1 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I found that my issue may be fixed by upgrade JDK, but at the time i don't have such possibility. There are any other ways to fix that error?

Alex
  • 1
  • 1
  • Maybe trying to only sent a tlsv1 handshake instead of an SSLv3 one? e.g. by passing `-Dhttps.protocols=TLSv1` to the jvm - you can also do `System.setProperty("https.protocols", "TLSv1");` before any TLS operations are attempted. – Anya Shenanigans Dec 09 '15 at 17:44
  • Next guess would be that the cert being provided by the server is self signed, or signed by a CA that isn't in the java 1.5 cacerts file. You can use something like [`portecle` to import the cert into the file](http://stackoverflow.com/questions/11617210/how-to-properly-import-a-selfsigned-certificate-into-java-keystore-that-is-avail). – Anya Shenanigans Dec 10 '15 at 09:58
  • problem were fixed by changing line `SSLContext context = SLContext.getInstance("SSL");` to `SSLContext context = SSLContext.getInstance("TLS");` in sources of ews-java-api – Alex Dec 11 '15 at 16:36

0 Answers0