java ssl handshake_failure issue

Question

I'm trying to send a request to one of our server url,but whenever i try to connect I get this expection

java.net.ConnectException: Received fatal alert: handshake_failure

This the certificate details i got from the browser when visiting the website.

Common Name (CN)    Go Daddy Secure Certificate Authority - G2
Organisation (O)    GoDaddy.com, Inc.
Organisational Unit (OU)    http://certs.godaddy.com/repository/

I checked for the same details in cacerts in my java directory

keytool -list -keystore /usr/lib/jvm/java-1.8.0-openjdk-1.8.0.101-3.b13.24.amzn1.x86_64/jre/lib/security/cacerts | grep godaddy

godaddyclass2ca, 23 Sep, 2016, trustedCertEntry, 
godaddyrootcertificateauthority-g2, 23 Sep, 2016, trustedCertEntry,

This is the installed java version:

openjdk version "1.8.0_101"
OpenJDK Runtime Environment (build 1.8.0_101-b13)
OpenJDK 64-Bit Server VM (build 25.101-b13, mixed mode)

I even downloaded the certificate from the browser and imported it into cacerts

keytool -import -keystore cacerts -file test.cer

Please help me to debug it.

As per your exception this does not look like a `SSL exception` that means your certificate trust path might be getting validated correctly. But the connection can fail due to other reasons as protocol mismatch or you hostname does not match with certificate. Is it possible for you to check the protocol supported by server? Tou are using java 8 , thus your client should be using `tlsv2`. — Rishikesh Darandale, Aug 02 '17 at 18:03
You should run with -Djavax.net.debug=all and look what protocol step fails — mtraut, Aug 02 '17 at 18:05
I just found another [thread](https://stackoverflow.com/a/6353956/8101556), this might be helpful for you. — Rishikesh Darandale, Aug 02 '17 at 18:05

score 0 · Answer 1 · answered Nov 30 '17 at 06:24

You need to install JCE extension for you JVM. Basicly this problem is due to the mismatch cipher between your local JAVA and the https site.

Use https://www.ssllabs.com/ to check if your REST API supports java, check this image example

If it shows like this, you can download the files from http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html. Once done, replace the two JARs (local_policy.jar, US_export_policy.jar) under your JRE's lib/security directory with the ones from the downloaded package.

If not, please provide more detail information so we can check in detail.

Check the solution here i just tired How to debug the ssl connection error, it works for me and save my day!

The poster of this question is using **OpenJDK**, which never included the the Oracle (and previously Sun) crypto strength limitation 'feature' and **does not need or use the Oracle policy 'upgrade'** (note this doesn't install JCE; JCE is already part of JRE, you install only a JCE _policy_). Cipher mismatch can occur for many other reasons besides strength limitation, and handshake_failure can occur for many other reasons besides cipher mismatch; https://stackoverflow.com/questions/6353849/received-fatal-alert-handshake-failure- (already) linked in a comment above shows some of them. — dave_thompson_085, Nov 30 '17 at 07:40

java ssl handshake_failure issue

1 Answers1