0

We use Java 1.8.0_121 and Apache HTTP client version 4.4.1 on the client side.

I have removed all SHA related ciphers from the server side to improve the application security. For example, I have removed ECDHE-RSA-AES256-SHA.

Unfortunately I started to get SSLHandshakeException (see below). I still have in my server side configuration SHA256, SHA384 ciphers. For example ECDHE-ECDSA-AES128-GCM-SHA256 or ECDHE-RSA-AES256-SHA384. On the client side we use Bouncy Castle provider and it should support these ciphers: https://bouncycastle.org/specifications.html

Why it happens and what should I do to prevent the problem?

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_121]
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_121]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) ~[httpclient-4.4.1.jar:4.4.1]

Added

Lets say I understand why I still can use ECDHE-RSA-AES256-SHA. I still do not understand why it fails.

Is ECDHE-RSA-AES256-SHA uses HMAC SHA-1? Where can I find how many bits used by HMAC SHA-1?

Michael
  • 1,479
  • 1
  • 18
  • 37
  • Removing ciphers which use SHA-1 as a HMAC shows the wrong understanding of where SHA-1 should be removed vs. where it can stay. See Will Google block HMAC-SHA1 along with SHA1 signed certificates?. And it is unknown which ciphers exactly are still offered by the server vs. which ciphers the client really supports. Note that there might be a difference between what you've configured vs. what the server really offers and thus don't look only at your configuration. – Steffen Ullrich Feb 19 '17 at 08:26
  • Why might be a difference between the configuration vs. what the server really offers? – Michael Feb 19 '17 at 19:07
  • Because the openssl version might not support all the ciphers you have configured. Have you checked the site with SSLLabs? – Steffen Ullrich Feb 19 '17 at 19:13
  • I have asked additional question http://security.stackexchange.com/questions/151796/can-server-side-communicate-using-cipher-that-not-listed-in-the-ciphersuite – Michael Feb 20 '17 at 14:51
  • Lets say I understand why I still can use ECDHE-RSA-AES256-SHA. I still do not understand why it fails.

    Is ECDHE-RSA-AES256-SHA uses HMAC SHA-1? Where can I find how many bits used by HMAC SHA-1?

     – Michael Feb 20 '17 at 15:01
  • See Wikipedia for how a HMAC works. From this you can see that the size of the HMAC is the size of the hash-algorithms used, i.e. 20 byte in case of SHA-1. – Steffen Ullrich Feb 20 '17 at 15:23

0 Answers0