I disable SSL/TLS verification but I get "Fatal (HANDSHAKE_FAILURE): no cipher suites in common"

 by: mike - Fri, 31 Mar 2023 19:51 UTC

Hi,

I have added the following to disable SSL verification when I download files (since it is in a testenv).

This is the code:

    public static void disableSslVerification() {
        try {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {

                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
                    // Do nothing
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
                    // Do nothing
                }
            } };

            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");// NOSONAR
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = (String hostname, SSLSession session) -> true; // NOSONAR

            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("No such algorithm", e);
        } catch (KeyManagementException e) {
            LOGGER.error("Key Management problem", e);
        }
    }

Then I have a class where I establish the connection with the following code:

    public static synchronized HttpsURLConnection openHttpsConnection(String url) {
        HttpsURLConnection connection = null;
        try {
            URL myURL = new URL(url);
            LOGGER.debug("Opening stream to {}", myURL);
            connection = (HttpsURLConnection) myURL.openConnection(Proxy.NO_PROXY);
            handleResponse(connection);
        } catch (IOException ioe) {
            throw new ConnectionException("Could not open https connection to node ", ioe);
        }
        return connection;
    }

Then I use a unit test to verify my code:

    public class HttpConnectionUtilsTest {

        @Test
        public void establishConnectionSuccessful() {
            // Configure WireMock to use HTTPS and the SSL/TLS certificate

            final String passwd = "secret";

            URL trustStore = HttpConnectionUtilsTest.class.getClassLoader().getResource("com/company/util/truststore_ok.jks");

            WireMockConfiguration wireMockConfiguration = wireMockConfig()
                    .httpsPort(8443)
                    .keystorePath(new File(trustStore.getFile()).getAbsolutePath())
                    .keystorePassword(passwd).needClientAuth(false)
                    .trustStorePath(new File(trustStore.getFile()).getAbsolutePath())
                    .trustStorePassword(passwd);
            // Create a WireMockServer instance with the configuration
            WireMockServer wireMockServer = new WireMockServer(wireMockConfiguration);

            // start the server.
            wireMockServer.start();

            //Try to establish a connection to server over TLS/SSL.
            HttpConnectionUtils.disableSslVerification();
            HttpsURLConnection connection = HttpConnectionUtils.openHttpsConnection("https://localhost:8443/");

            // Stop the server
            wireMockServer.stop();

        }

    }

When debugging the output from ssl I see:

javax.net.ssl|DEBUG|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request_v2
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:207|Ignore unavailable extension: renegotiation_info
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.696 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.701 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.701 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ERROR|1B|qtp1311315651-27|2023-03-31 17:17:00.703 CEST|TransportContext.java:345|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
"throwable" : {
javax.net.ssl.SSLHandshakeException: no cipher suites in common

Why do I get this when I trust all certificates?

br,

//mike

Re: I disable SSL/TLS verification but I get "Fatal (HANDSHAKE_FAILURE): no cipher suites in common"

 by: Arne Vajhøj - Fri, 31 Mar 2023 19:55 UTC

On 3/31/2023 3:51 PM, mike wrote:
> I have added the following to disable SSL verification when I download files (since it is in a testenv).
>
> This is the code:

> TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
>
>     @Override
>     public java.security.cert.X509Certificate[] getAcceptedIssuers() {
>         return new X509Certificate[0];
>     }
>
>     @Override
>     public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
>         // Do nothing
>     }
>
>     @Override
>     public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
>         // Do nothing
>     }
> } };
>
> // Install the all-trusting trust manager
> SSLContext sc = SSLContext.getInstance("SSL");// NOSONAR
> sc.init(null, trustAllCerts, new java.security.SecureRandom());
> HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

> javax.net.ssl|ERROR|1B|qtp1311315651-27|2023-03-31 17:17:00.703 CEST|TransportContext.java:345|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
> "throwable" : {
> javax.net.ssl.SSLHandshakeException: no cipher suites in common
>
> Why do I get this when I trust all certificates?

This error does not mean that the certificate was not accepted - it
means that client and server could not agree on algorithms.

Probably the server and client are very far apart age-wise.

Crazy guess, try:

SSLContext.getInstance("TLSv1.2")

Arne
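
The point made in the reply above, that this alert is about algorithm agreement and not certificate trust, can be reproduced on loopback without WireMock. This is an added example, not code from any poster in the thread; the class and method names are hypothetical, and the keyless server is a constructed scenario showing one common way a JSSE server ends up with no cipher suite it can use.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.util.concurrent.*;
import javax.net.ssl.*;

// Added example, not code from the thread. The server context below is given no
// KeyManager, so it holds no certificate or private key (constructed scenario).
public class NoCommonSuiteDemo {

    // Runs one loopback handshake; returns { server-side error, client-side error }.
    static String[] handshakeWithKeylessServer() throws Exception {
        SSLContext serverCtx = SSLContext.getInstance("TLS");
        serverCtx.init(null, null, null);
        ExecutorService pool = Executors.newSingleThreadExecutor();
        try (SSLServerSocket listener = (SSLServerSocket) serverCtx.getServerSocketFactory()
                .createServerSocket(0, 1, InetAddress.getLoopbackAddress())) {
            // Pin TLS 1.2 so the failure surfaces during cipher-suite selection.
            listener.setEnabledProtocols(new String[] { "TLSv1.2" });
            Future<String> serverSide = pool.submit(() -> {
                try (SSLSocket s = (SSLSocket) listener.accept()) {
                    s.startHandshake();
                    return "handshake completed";
                } catch (IOException e) {
                    return e.getMessage();
                }
            });
            String clientSide;
            // The client keeps the JDK default context: normal certificate validation.
            try (SSLSocket c = (SSLSocket) SSLContext.getDefault().getSocketFactory()
                    .createSocket(InetAddress.getLoopbackAddress(), listener.getLocalPort())) {
                c.startHandshake();
                clientSide = "handshake completed";
            } catch (IOException e) {
                clientSide = e.getMessage();
            }
            return new String[] { serverSide.get(10, TimeUnit.SECONDS), clientSide };
        } finally {
            pool.shutdownNow();
        }
    }

    public static void main(String[] args) throws Exception {
        String[] result = handshakeWithKeylessServer();
        System.out.println("server: " + result[0]);
        System.out.println("client: " + result[1]);
    }
}
```

On OpenJDK the server side reports `no cipher suites in common` while the client only sees a generic `handshake_failure` alert, so the server's `javax.net.debug` output is the place to look. The client's trust configuration is never reached, which is why relaxing it changes nothing.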

Re: I disable SSL/TLS verification but I get "Fatal (HANDSHAKE_FAILURE): no cipher suites in common"

 by: Stas Markov - Tue, 14 Nov 2023 12:20 UTC

WOW.
this line actually helped

SSLContext.getInstance("TLSv1.2")

Thanks
