Java 8 RECV TLSv1.2 ALERT: fatal, handshake_failure

Question

J'ai épuisé mes capacités de recherche et d'expérimentation pour résoudre ce problème. J'ai essayé les gestionnaires de confiance, les usines de socket ssl, les vérificateurs de nom d'hôte, le registre de schéma, les modifications de contexte ssl, etc.

Quelqu'un peut-il m'aider?

Le programme est:

import Java.io.BufferedReader ; import Java.io.InputStreamReader ; import Java.io.Reader ; import Java.net.URL ; import Java.net.URLConnection ; import Java.security.cert.X509Certificate ; import javax.net.ssl.HostnameVerifier ; import javax.net.ssl.HttpsURLConnection ; import javax.net.ssl.SSLContext ; import javax.net.ssl.SSLSession ; import javax.net.ssl.TrustManager ; import javax.net.ssl.X509TrustManager ; public class TestSSL { public static void main(String[] args) throws Exception { // Create a trust manager that does not validate certificate chains TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() { public Java.security.cert.X509Certificate[] getAcceptedIssuers() { return null ; } public void checkClientTrusted(X509Certificate[] certs, String authType) { } public void checkServerTrusted(X509Certificate[] certs, String authType) { } } } ; // Install the all-trusting trust manager final SSLContext sc = SSLContext.getInstance("SSL") ; sc.init(null, trustAllCerts, new Java.security.SecureRandom()) ; HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()) ; // Create all-trusting Host name verifier HostnameVerifier allHostsValid = new HostnameVerifier() { public boolean verify(String hostname, SSLSession session) { return true ; } } ; // Install the all-trusting Host verifier HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid) ; // set target URL //////////////////////////////////////////////////////////////////////////////////////////// URL url = new URL("https://sourceforge.net/projects/taggersharp/") ; // THIS FAILS // URL url = new URL("https://www.google.com"); //THIS WORKS //////////////////////////////////////////////////////////////////////////////////////////// // process the URL URLConnection con = url.openConnection() ; final Reader reader = new InputStreamReader(con.getInputStream()) ; final BufferedReader br = new BufferedReader(reader) ; String line = "" ; while ((line = br.readLine()) != null) { System.out.println(line) ; } br.close() ; } // End of main } // End of the class //

Je le compile et l'exécute avec les options et résultats suivants:

C:\$\VersionsTEST>"C:\Program Files\Java\jre1.8.0_141\bin\Java.exe" -Djavax.net.debug=ssl -Djava.security.properties=security.props -Dhttps.protocols=TLSv1.1,TLSv1,TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all TestSSL Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false main, setSoTimeout(0) called main, the previous server name in SNI (type=Host_name (0), value=sourceforge.net) was replaced with (type=Host_name (0), value=sourceforge.net) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1487939520 bytes = { 108, 232, 206, 41, 154, 180, 117, 47, 215, 3, 103, 236, 131, 140, 254, 113, 53, 30, 15, 54, 153, 237, 200, 209, 239, 85, 46, 190 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension server_name, server_name: [type=Host_name (0), value=sourceforge.net] *** [write] MD5 and SHA1 hashes: len = 169 0000: 01 00 00 A5 03 03 59 B0 28 C0 6C E8 CE 29 9A B4 ......Y.(.l..).. 0010: 75 2F D7 03 67 EC 83 8C FE 71 35 1E 0F 36 99 ED u/..g....q5..6.. 0020: C8 D1 EF 55 2E BE 00 00 2A C0 23 C0 27 00 3C C0 ...U....*.#.'.<. 0030: 25 C0 29 C0 09 C0 13 00 2F C0 04 C0 0E C0 2B C0 %.)...../.....+. 0040: 2F 00 9C C0 2D C0 31 C0 08 C0 12 00 0A C0 03 C0 /...-.1......... 0050: 0D 00 FF 01 00 00 52 00 0A 00 16 00 14 00 17 00 ......R......... 0060: 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 ................ 0070: 16 00 0B 00 02 01 00 00 0D 00 16 00 14 06 03 06 ................ 0080: 01 05 03 05 01 04 03 04 01 04 02 02 03 02 01 02 ................ 0090: 02 00 00 00 14 00 12 00 00 0F 73 6F 75 72 63 65 ..........source 00A0: 66 6F 72 67 65 2E 6E 65 74 forge.net main, WRITE: TLSv1.2 Handshake, length = 169 [Raw write]: length = 174 0000: 16 03 03 00 A9 01 00 00 A5 03 03 59 B0 28 C0 6C ...........Y.(.l 0010: E8 CE 29 9A B4 75 2F D7 03 67 EC 83 8C FE 71 35 ..)..u/..g....q5 0020: 1E 0F 36 99 ED C8 D1 EF 55 2E BE 00 00 2A C0 23 ..6.....U....*.# 0030: C0 27 00 3C C0 25 C0 29 C0 09 C0 13 00 2F C0 04 .'.<.%.)...../.. 0040: C0 0E C0 2B C0 2F 00 9C C0 2D C0 31 C0 08 C0 12 ...+./...-.1.... 0050: 00 0A C0 03 C0 0D 00 FF 01 00 00 52 00 0A 00 16 ...........R.... 0060: 00 14 00 17 00 18 00 19 00 09 00 0A 00 0B 00 0C ................ 0070: 00 0D 00 0E 00 16 00 0B 00 02 01 00 00 0D 00 16 ................ 0080: 00 14 06 03 06 01 05 03 05 01 04 03 04 01 04 02 ................ 0090: 02 03 02 01 02 02 00 00 00 14 00 12 00 00 0F 73 ...............s 00A0: 6F 75 72 63 65 66 6F 72 67 65 2E 6E 65 74 ourceforge.net [Raw read]: length = 5 0000: 15 03 03 00 02 ..... [Raw read]: length = 2 0000: 02 28 .( main, READ: TLSv1.2 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 trigger seeding of SecureRandom done seeding SecureRandom Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false main, setSoTimeout(0) called main, the previous server name in SNI (type=Host_name (0), value=sourceforge.net) was replaced with (type=Host_name (0), value=sourceforge.net) Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1487939569 bytes = { 112, 166, 46, 83, 81, 37, 183, 87, 66, 77, 244, 18, 174, 101, 138, 145, 155, 105, 62, 195, 70, 55, 37, 194, 127, 138, 118, 101 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA Extension server_name, server_name: [type=Host_name (0), value=sourceforge.net] *** [write] MD5 and SHA1 hashes: len = 169 0000: 01 00 00 A5 03 03 59 B0 28 F1 70 A6 2E 53 51 25 ......Y.(.p..SQ% 0010: B7 57 42 4D F4 12 AE 65 8A 91 9B 69 3E C3 46 37 .WBM...e...i>.F7 0020: 25 C2 7F 8A 76 65 00 00 2A C0 23 C0 27 00 3C C0 %...ve..*.#.'.<. 0030: 25 C0 29 C0 09 C0 13 00 2F C0 04 C0 0E C0 2B C0 %.)...../.....+. 0040: 2F 00 9C C0 2D C0 31 C0 08 C0 12 00 0A C0 03 C0 /...-.1......... 0050: 0D 00 FF 01 00 00 52 00 0A 00 16 00 14 00 17 00 ......R......... 0060: 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 ................ 0070: 16 00 0B 00 02 01 00 00 0D 00 16 00 14 06 03 06 ................ 0080: 01 05 03 05 01 04 03 04 01 04 02 02 03 02 01 02 ................ 0090: 02 00 00 00 14 00 12 00 00 0F 73 6F 75 72 63 65 ..........source 00A0: 66 6F 72 67 65 2E 6E 65 74 forge.net main, WRITE: TLSv1.2 Handshake, length = 169 [Raw write]: length = 174 0000: 16 03 03 00 A9 01 00 00 A5 03 03 59 B0 28 F1 70 ...........Y.(.p 0010: A6 2E 53 51 25 B7 57 42 4D F4 12 AE 65 8A 91 9B ..SQ%.WBM...e... 0020: 69 3E C3 46 37 25 C2 7F 8A 76 65 00 00 2A C0 23 i>.F7%...ve..*.# 0030: C0 27 00 3C C0 25 C0 29 C0 09 C0 13 00 2F C0 04 .'.<.%.)...../.. 0040: C0 0E C0 2B C0 2F 00 9C C0 2D C0 31 C0 08 C0 12 ...+./...-.1.... 0050: 00 0A C0 03 C0 0D 00 FF 01 00 00 52 00 0A 00 16 ...........R.... 0060: 00 14 00 17 00 18 00 19 00 09 00 0A 00 0B 00 0C ................ 0070: 00 0D 00 0E 00 16 00 0B 00 02 01 00 00 0D 00 16 ................ 0080: 00 14 06 03 06 01 05 03 05 01 04 03 04 01 04 02 ................ 0090: 02 03 02 01 02 02 00 00 00 14 00 12 00 00 0F 73 ...............s 00A0: 6F 75 72 63 65 66 6F 72 67 65 2E 6E 65 74 ourceforge.net [Raw read]: length = 5 0000: 15 03 03 00 02 ..... [Raw read]: length = 2 0000: 02 28 .( main, READ: TLSv1.2 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at Sun.security.ssl.Alerts.getSSLException(Unknown Source) at Sun.security.ssl.Alerts.getSSLException(Unknown Source) at Sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) at Sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) at Sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) at Sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at Sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) at Sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source) at Sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source) at Sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source) at Sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source) at Sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source) at TestSSL.main(TestSSL.Java:66)

Steffen Ullrich · Answer

Si vous cochez les chiffres proposés par sourceforge.net comme analysés par SSLLabs , vous verrez que le site ne prend en charge que les chiffres avec AES256. Si vous regardez ensuite les chiffrements offerts par votre Java vous verrez qu'il n'y a que des chiffrements AES128 et 3DES:

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Cela signifie qu'aucune des offres de chiffrement de votre client n'est acceptée par le serveur, ce qui entraînera un échec de la prise de contact. Il se peut que vous deviez activer Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy pour prendre en charge les chiffrements AES256.

PaulJayD · Answer

La réponse ci-dessus est correcte, bien sûr. J'ai par erreur ajouté les fichiers "UnlimitedJCEPolicyJDK8" dans le répertoire JRE et SDK\lib, pas le répertoire\lib\security . J'ai réparé l'erreur et tout va bien.

Merci à tous.

Paul

Merci à tous.

Paul