Received fatal alert: handshake_failure, debug does not show the cause

Question

I am trying to download an image from an HTTPS server using a Java HTTP client like so...

System.setProperty("javax.net.debug", "all");
System.setProperty("jsse.enableSNIExtension", "false");

 URL url = new URL("https://secureserver.com/media/hot-jlaw-image.jpg")
 HttpURLConnection urlConn =  url.openConnection()
 urlConn.setRequestMethod("GET")

 File myImg = new File("/Users/joe/Downloads/myImage.jpg")
 myImg.append(urlConn.getInputStream())

My client is running on Java 8. With debugging turned on, I see what includes the below...

 *** ClientHello, TLSv1.2
 RandomCookie:  GMT: 1478629170 bytes = { 23, 147, 128, 164, 76, 36, 0, 143, 175, 43, 227, 154, 16, 212, 209, 112, 224, 227, 0, 109, 196, 178, 231, 43, 112, 198, 36, 235 }
 Session ID:  {}
 Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

main, WRITE: TLSv1.2 Handshake, length = 193

Caught: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure

So it seems like the Client Hello is sent and the Handshake is sent but nothing is sent back from the server except an alert about handshake failure.

This answer suggests several reasons why this error could occur, for example Incompatible cipher suites or Incomplete trust paths, and it suggests turning on debugging.

But in my case debugging hasn't revealed the culprit. Any suggestions on what else to try?

I see that the root CA from the server is Starfield Services Root Certificate Authority - G2, could it be that my Java client doesn't recognize this CA? — AbuMariam, Nov 08 '16 at 23:59

score 0 · Accepted Answer · edited May 23 '17 at 12:13

0

Turns out the problem was this line

 System.setProperty("jsse.enableSNIExtension", "false");'

Their server must have been virtual because some posts indicate this will not work for such servers.

edited May 23 '17 at 12:13

Community

1
1

answered Nov 09 '16 at 21:34

AbuMariam

3,282
13
49
82

Received fatal alert: handshake_failure, debug does not show the cause

1 Answers1