The forums are full with this question but I can't find a solution. I try to connect a WS but without any success. I tried to update cacerts file with no effect.
The log are :
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1507108654 bytes = { 133, 135, 81, 148, 186, 186, 146, 23, 28, 240, 158, 152, 139, 167, 209, 225, 54, 253, 112, 118, 61, 112, 140, 214, 149, 198, 197, 219 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 75
0000: 01 00 00 47 03 01 5A D5 A7 2E 85 87 51 94 BA BA ...G..Z.....Q...
0010: 92 17 1C F0 9E 98 8B A7 D1 E1 36 FD 70 76 3D 70 ..........6.pv=p
0020: 8C D6 95 C6 C5 DB 00 00 20 00 04 00 05 00 2F 00 ........ ...../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 00 FF 01 00 ...........
http-8080-1, WRITE: TLSv1 Handshake, length = 75
[Raw write]: length = 80
0000: 16 03 01 00 4B 01 00 00 47 03 01 5A D5 A7 2E 85 ....K...G..Z....
0010: 87 51 94 BA BA 92 17 1C F0 9E 98 8B A7 D1 E1 36 .Q.............6
0020: FD 70 76 3D 70 8C D6 95 C6 C5 DB 00 00 20 00 04 .pv=p........ ..
0030: 00 05 00 2F 00 33 00 32 00 0A 00 16 00 13 00 09 .../.3.2........
0040: 00 15 00 12 00 03 00 08 00 14 00 11 00 FF 01 00 ................
http-8080-1, received EOFException: error
http-8080-1, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
http-8080-1, SEND TLSv1 ALERT: fatal, description = handshake_failure
http-8080-1, WRITE: TLSv1 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 01 00 02 02 28 ......(
http-8080-1, called closeSocket()
http-8080-1, called close()
http-8080-1, called closeInternal(true)
Thanks for you help
Most probably the server has disabled TLS 1.0 (and you're talking TLS 1.0 as seen in the sequence bytes 47 03 01 5A), or it is waiting for the SNI extension which is absent.
About Java 6, only 6u111 will allow anything better (TLS 1.1) than TLS 1.0, and 6u121 will allow TLS 1.2. Have a look at the Reference. Because of the TLS version intolerance problem, it's still unsufficient, and only a system property will enable it for good, as explained in the Release Notes :
TLS v1.2 is now a TLS protocol option with this release. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
For this reason, a couple of system properties to try :
-Djdk.tls.client.protocols="TLSv1.2" (prerequisite : 6u121 / 7u95)-Dhttps.protocols="TLSv1.2" if your code is using HttpsURLConnection Your ClientHello is correctly formatted but it doesn't contain any extension (particularly the SNI). This is why it looks so short (bytes = 80). The SNI is enabled by default starting with 6u121 (if I'm right). Both causes that I see should be solved with the adequate Java version.