TLS 1.2 era compatible con Java 8 pero no con Java 7
Cuando intenté conectar una URL (una de las URL de los proveedores que admite TLS 1.2 y funcionaba bien anteriormente con Java 7) utilizando Java 7, encontré la siguiente excepción:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1943)
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1321)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1305)
at sun.net.www.protocol.https.HttpsClient.afterConnect(HttpsClient.java:523)
at sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(AbstractDelegateHttpsURLConnection.java:185)
at sun.net.www.protocol.http.HttpURLConnection.getOutputStream(HttpURLConnection.java:1087)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getOutputStream(HttpsURLConnectionImpl.java:250)
Para que haya habilitado-Dhttps.protocols=TLSv1.2, -Djavax.net.ssl.trustStore=<keystoreFilePath> y-Djavax.net.ssl.trustStorePassword=<password>
Después de eso también tuve el mismo problema. Luego, actualicé la versión de Java a 8 para que pueda conectarse a la URL sin ningún problema de SSL.
Segúneste blog, en Java 8, TLS 1.2 es el predeterminado y TLS 1.2 se puede ajustar con la propiedad-Dhttps.protocols en Java 7. En Java 7, podría acceder a una URL sin problemas si habilito las propiedades anteriores a través de mis experiencias pasadas.
Pero para la URL, se me solicita que actualice la versión de Java. ¿Cuáles pueden ser los cambios del lado del proveedor causados por la excepción mencionada anteriormente en Java 7? Y sin actualizar Java 8, ¿no puedo acceder a la URL?
Cuando intente con-Djavax.net.debug=all Llegué debajo del registro
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
qtp11284997-17, setSoTimeout(0) called
qtp11284997-18, setSoTimeout(0) called
%% No cached client session
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie: *** ClientHello, TLSv1.2
RandomCookie: GMT: 1465902650 bytes = { GMT: 1465902650 bytes = { 113156, , 91, 215, 64, 8, 63, 32, 255, 223, 156, 170, 50, 244, 156, 18, 241, 241, 229, 169, 35, 160, 22, 15, 111, 204, 231, 28, 25, 203, 70, 164, 77, 14, 181, 126, 159, 152, 111, 221, 254, 59 }
Session ID: {}
Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 71 D7 40 08 3F FF ......W`.:q.@.?.
0010: 9C 32 9C F1 E5 23 16 6F E7 19 46 A4 4D 0E B5 7E .2...#.o..F.M...
0020: 9F 98 6F DD FE 3B 00 00 2A 00 33 C0 04 00 16 00 ..o..;..*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 07 C0 13 C0 08 C0 0C 00 ................
0040: FF C0 0D C0 0E C0 09 00 2F C0 12 00 04 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0242, E119, 001, 0F19, 00164, 1081, 3, 0063, 176, 255, .42, .23, .252, .164 }
Session ID: .{}
..Cipher Suites: [TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDH_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_ECDSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_RC4_128_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_RC4_128_MD5, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA]
Compression Methods: { .0 }
........
0080: 11Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
00Extension ec_point_formats, formats: [uncompressed]
02Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: postprod1.ratetiger.com]
***
[write] MD5 and SHA1 hashes: len = 211
0000: 01 00 00 CF 03 03 57 60 E6 3A 9C 5B 20 DF AA F4 ......W`.:.[ ...
0010: 12 F1 A9 A0 0F CC 1C CB F2 77 01 13 A4 51 03 3F .........w...Q.?
0020: B0 FF 2A 17 FC A4 00 00 2A 00 33 C0 04 00 16 00 ..*.....*.3.....
0030: 05 C0 03 C0 11 C0 02 C0 0700 C0 131 C02 0 008 0 C04 0C 000 0 . 0.5. .0.0 14 00 08 00 16 00 .......................
.0.0.4.0
0090: : 0BF 00F 0 C02 0 01D 0 C00 0 00E 0 C0D 0 009 1A0 000 1 8 2 06F 0 C03 1 062 0 001 0 05 ................
00A0: 03 05 01 04 03 04 01 03 03 03 01 02 03 02 01 02 ................
00B0: 02 01 01 00 00 00 1C 00 1A 00 00 17 70 6F 73 74 ............post
00C0: 70 72 6F 64 31 2E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
4 00 32 00 ......../.....2.
0050: 13 00 0A 01 00 00 7C 00 0A 00 34 00 32 00 17 00 ..........4.2...
0060: 01 00 03 00 13 00 15 00 06 00 07 00 09 00 0A 00 ................
0070: 18 00 0B 00 0C 00 19 00 0D 00 0E 00 0F 00 10 00 qtp11284997-17, WRITE: TLSv1.2 Handshake, length = 211
.........[Raw write]: length = 216
......0.0
0000: 168 030 0: 113 0 000 D 023 0 010 0 120 00 040 000 05 00C 14F 0 030 0 083 00 165 007 6.0. .E6. .3.A. .7.1. . ..........
.0.0.9.0.: .W`0.:qB
000 020 011 000 0: D70 4 0D0 00 0 1A8 00 183 06F 03 06F 01F 05 9 C. .3.2. .9.C. . .F.1. .E.5. .2.3
00A0 : 031 056 0 6F1 E 047 0 193 4 046 01 0 3.@ . 03? 0.3.2 01. 02. 0.#3.o 02. 01. F02
0 0.2.0.: .A.4. .4.D. .0.E. .B.5. .7E
9F0 980 6FB 0 D: D02 FE 01 3B01 0000 0000 2A00 001C 3300 1A. M00. 00. 1.7..o .7.;0. .*6.3F
0030 : C07 043 0 740 1.6. .0.0. .0.5. .C.0. .post0
300C0 : 70 C072 6F1 641 3 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ...1. .2...........
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ............E 72 61 74 65 74 69 67 65 72 2E prod1.ratetiger.
00D0: 63 6F 6D com
qtp11284997-18, WRITE: TLSv1.2 Handshake, length = 211
[Raw write]: length = 216
0000: 16 03 03 00 D3 01 00 00 CF 03 03 57 60 E6 3A 9C ...........W`.:.
0010: 5B 20 DF AA F4 12 F1 A9 A0 0F CC 1C CB F2 77 01 [ ..............
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
..w.
0020: 13 A4 51 03 3F B0 FF 2A 17 FC A4 00 00 2A 00 33 ..Q.?..*.....*.3
0030: C0 04 00 16 00 05 C0 03 C0 11 C0 02 C0 07 C0 13 ................
0040: C0 08 C0 0C 00 FF C0 0D C0 0E C0 09 00 2F C0 12 ............./..
0050: 00 04 00 32 00 13 00 0A 01 00 00 7C 00 0A 00 34 ...2...........4
0060: 00 32 00 17 00 01 00 03 00 13 00 15 00 06 00 07 .2..............
0070: 00 09 00 0A 00 18 00 0B 00 0C 00 19 00 0D 00 0E ................
0080: 00 0F 00 10 00 11 00 02 00 12 00 04 00 05 00 14 ................
0090: 00 08 00 16 00 0B 00 02 01 00 00 0D 00 1A 00 18 ................
00A0: 06 03 06 01 05 03 05 01 04 03 04 01 03 03 03 01 ................
00B0: 02 03 02 01 02 02 01 01 00 00 00 1C 00 1A 00 00 ................
00C0: 17 70 6F 73 74 70 72 6F 64 31 2E 72 61 74 65 74 .postprod1.ratet
00D0: 69 67 65 72 2E 63 6F 6D iger.com
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
[Raw read]: length = 5
0000: 02000 280 : 15 03 03 00 02 .(
..qtp11284997-17, READ: TLSv1.2 Alert, length = 2
..qtp11284997-17, RECV TLSv1 ALERT: fatal, handshake_failure
.
[Raw read]: length = 2
0000: 02 28qtp11284997-17, called closeSocket()
qtp11284997-17, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-17, called close()
.(qtp11284997-17, called closeInternal(true)
qtp11284997-18, READ: TLSv1.2 Alert, length = 2
qtp11284997-18, RECV TLSv1 ALERT: fatal, handshake_failure
2016-06-15 10:53:06,722 WARN [ride.intermediate.connect.ratetiger.ConnectRateTiger] -- Exception in InputStream Close--java.lang.NullPointerException
qtp11284997-17, called close()
qtp11284997-17, called closeInternal(true)
qtp11284997-18, called closeSocket()
qtp11284997-18, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
qtp11284997-18, called close()
qtp11284997-18, called closeInternal(true)