ansaurus

Question

jsse handshake_failure on public https web site

Answer 1

+1 A:

I connected with FF 3.6 to that website and sniffed the connection with Wireshark. Indeed, the first SSL connection attempt sends an TLS1.0 client hello and the server responds with a handshake failure, then FF3.6 immediately retries using the SSLv2 compatible hello which succeeds. All this happens transparently to the user so you don't notice the initial failure. Try setting the system property https.protocols to SSLv2Hello. Note that the JSSE does not support SSL v2, this is just the format of the initial client hello.

EDIT:

Well, never mind, I see that JSSE uses by default the SSLv2 client hello. I don't know why the first connection attempt failed. Maybe you just have to try twice in a row.

GregS 2010-01-29 03:25:48

I tried wrapping the existing u.getContent() with a try/catch and then put another u.getContent() after the catch. This just results in two stack traces. Or did you mean something else for 'try twice in a row' ?

TheDon 2010-01-29 04:19:52

I meant basically that, but create a new URL object for the second try.

GregS 2010-01-30 00:10:14

Answer 2

+1 A:

There is your setting:

System.setProperty("https.protocols", "SSLv3");

You were correct - it's the SSL version that causes the problem. Here is some sort of explanation.

Congratulations for the nice and well researched question!

Bozho 2010-02-15 18:27:04

Wow! Thanks a lot, that did the trick.

TheDon 2010-02-15 19:39:49

@TheDon - remember to accept my answer then ;) (the tick below the votes)

Bozho 2010-02-15 19:48:51

I didn't forget. :) I just can't change my mind once I accept an answer, so I'm making sure it does what I want.

TheDon 2010-02-15 20:51:04

ok :) btw, I tested it and it returned the whole content of the page.

Bozho 2010-02-15 20:54:18

Ok, I'm happy. Thanks!

TheDon 2010-02-15 21:28:22

ansaurus

tags:

views:

answers:

jsse handshake_failure on public https web site

related questions