I wrote a standalone Java application (Java 1.8, which I cannot upgrade) that is a client of a webapp. This webapp has updated the SSL connection from SSL1.2 to SSL2. My development machine can access the webapp, but the production machine has some problems. If I don't set the HostnameVerifier, I get an SSLHandshakeException (Received fatal alert: handshake_failure). If I set the HostnameVerifier in this way:

```java
httpsConnection.setHostnameVerifier(new HostnameVerifier() {
  public boolean verify(String hostname, SSLSession session) {
    return true;
  }
});
```

the result is a SocketException (Connection reset).

My development machine works well without the HostnameVerifier. Does this mean that I have some certificates installed on my PC? How can I install the same certificates on the production machine?

Lucio Menci
  • 1
    In the first step you should try to find the root cause by enabling SSL debugging on the prod machine: https://stackoverflow.com/q/23659564/4994931 This will give you a hint. Then you can check which certificate has to be added/replaced/trusted. – gratinierer Feb 15 '23 at 12:24
  • Also see if there are (or can be created) any logs on the server that tell you what (if anything) it thinks is wrong. There is not and never has been any SSL 1.2, and SSL 2 was broken and obsolete _last century_. All systems today are using TLS instead, which is the successor to SSL, and TLS 1.2 or 1.3 is now required by quite a few servers, but there is no TLS 2 at all. – dave_thompson_085 Feb 15 '23 at 12:35
  • 1
    Don't forget!!! When you create a certificate, the hostname embedded in the certificate at time of generation with its input args must match the server hostname it is used on. Is there a different hostname on the certificate and Dev machine, or different in the cert and online site server site? Just out of interest: Java key store or standard key store? – Samuel Marchant Feb 15 '23 at 13:05
  • And it's some time since, but the port(s) allocated on the generator args should be the port(s) used. Ho ho ho ho did you pay for localhost registered and not the site domain ???? Technically SSL does not work using localhost as a general rule anyhow, that is quite difficult to do. It's been a while from OpenSSL since it did a special unique localhost release. – Samuel Marchant Feb 15 '23 at 13:17
  • I replaced SSL with TLS in this way: `SSLContext sc = SSLContext.getInstance("TLSv1.2"); sc.init(null, enableUntrusted? getTrustedCertificates() : null, new SecureRandom()); connection.setSSLSocketFactory(sc.getSocketFactory());` but I continue to get a handshake exception (fatal alert: handshake_failure). @gratinierer I tried to debug the connection, the result is here [https://drive.google.com/file/d/1p4Pyw6GtDjfQgxRnamhKDtPxtSmZau3Q/view?usp=sharing] I'm not really able to understand what it means, I'm a newbie with secure connections. Can you help me? – Lucio Menci Feb 21 '23 at 11:38

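An added example, not part of the original post or its comments: a small Java 8 diagnostic that can be run on both the development and the production machine to compare the JVM's enabled TLS protocols and cipher suites and to attempt a handshake with the default trust store and hostname verification left on. The class name `TlsDiag` and the default host `example.com` are placeholders; pass the real host and port as arguments.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.util.Arrays;

public class TlsDiag {
    public static void main(String[] args) throws Exception {
        // Placeholder defaults (assumption); supply the real endpoint as arguments.
        String host = args.length > 0 ? args[0] : "example.com";
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        // Which JVM is actually running? Dev and prod often differ here.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home    = " + System.getProperty("java.home"));

        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key managers, default trust store, default RNG

        // What this JVM is willing to offer in its ClientHello.
        SSLParameters enabled = ctx.getDefaultSSLParameters();
        System.out.println("enabled protocols: " + Arrays.toString(enabled.getProtocols()));
        System.out.println("enabled cipher suites:");
        for (String suite : enabled.getCipherSuites()) {
            System.out.println("  " + suite);
        }

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Keep hostname verification on, matching HttpsURLConnection's default behaviour.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);
            socket.startHandshake();

            SSLSession session = socket.getSession();
            System.out.println("negotiated protocol: " + session.getProtocol());
            System.out.println("negotiated suite:    " + session.getCipherSuite());
            System.out.println("peer principal:      " + session.getPeerPrincipal());
        } catch (SSLException e) {
            // A handshake_failure alert or a certificate/hostname error surfaces here.
            System.out.println("handshake failed: " + e);
        }
    }
}
```

Running it with `-Djavax.net.debug=ssl,handshake` adds the handshake trace that the first comment refers to. Differences between the two machines' output (JVM build, enabled protocols, cipher suite list) show where to look next.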