0

I'm connecting ActiveSync service on Tencent Enterprise Mail ( https://ex.qq.com/ ) via Java but got javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure. Here is my test code:

public static void main(String[] args) throws Exception {
    Socket socket = SSLSocketFactory.getDefault().createSocket("ex.qq.com", 443);
    socket.getOutputStream().write("GET / HTTP/1.1\r\nHost: ex.qq.com\r\n\r\n".getBytes());
}

But when I open https://ex.qq.com/ with browsers (IE/FireFox/Chrome), they show no problems with SSL connections and SSL certificates.

Why Java SSLSocket cannot connect this site but browsers can?

SOLVED:

ssllabs.com told me this site supports TLS_RSA_WITH_RC4_128_SHA (0x5) only (see https://www.ssllabs.com/ssltest/analyze.html?d=ex.qq.com&s=220.249.243.199 ). So I changed my code to: 

public static void main(String[] args) throws Exception {
    Socket socket = SSLSocketFactory.getDefault().createSocket();
    ((SSLSocket) socket).setEnabledCipherSuites(new String[] {"SSL_RSA_WITH_RC4_128_SHA"});
    socket.connect(new InetSocketAddress("ex.qq.com", 443));
    socket.getOutputStream().write("GET / HTTP/1.1\r\nHost: ex.qq.com\r\n\r\n".getBytes());
}

At first I got javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate).

When I removed jdk.tls.disabledAlgorithms=... from ${JRE_HOME}/lib/security/java.security, the connection successfully established :-)

auntyellow
  • 2,423
  • 2
  • 20
  • 47
  • The answer to the question in your title is that JSSE supports TLS v1.0, 1.1, 1.2, ... What other implementations support is up to them. The issue here isn't an implementation problem, it is a cipher or certificate or configuration problem. – user207421 Jun 13 '16 at 03:10
  • Thank you. In fact not SSL version problem but ciphersuite – auntyellow Jun 13 '16 at 11:28

0 Answers0