SSL handshake_failure while doing Mutual Authentication

A friend of mine recently ran into an issue with SSL Mutual Authentication (aka Client Authentication): the server was failing with the error “Re-negotiation handshake failed: Not accepted by client!” and the client side was throwing the following error.

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:150)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:117)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1650)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:739)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(AppInputStream.java:75)
        at java.io.BufferedInputStream.fill(BufferedInputStream.java:218)
        at java.io.BufferedInputStream.read(BufferedInputStream.java:235)

After a lot of debugging to make sure all the required system parameters (keyStore, trustStore and so on) were specified, and a lot of wasted time, it turned out that the certificate the client was using had a problem with its private/public keypair.

So if you run into the issue above, or any other issue related to SSL connectivity, check the certificates you are using on both sides. Even better, try out SSL connectivity with a simple client/server SSL app, make sure it works there, and only then try it in the real application.
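One concrete check for the root cause above, as an added example that is not part of the original post or its downloadable app: load the JKS keystore and confirm that each private key can produce a signature that its own certificate's public key verifies. The file name (client.jks) and password are assumptions, and the key password is assumed to equal the store password.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.Certificate;
import java.util.Enumeration;

// Checks that each private-key entry in a JKS keystore matches the public key in its
// certificate. A mismatched pair breaks the CertificateVerify message the client sends
// during client authentication, so the peer rejects the handshake.
// Usage: java KeyPairCheck client.jks changeit   (file name and password are assumptions;
// the key password is assumed to be the same as the store password)
public class KeyPairCheck {

    // Returns true if a signature made with priv verifies under the certificate's public key.
    public static boolean keyMatchesCertificate(PrivateKey priv, Certificate cert) throws Exception {
        PublicKey pub = cert.getPublicKey();
        // Pick a probe signature algorithm for the key type (RSA, DSA or EC).
        String alg = pub.getAlgorithm().equals("EC") ? "SHA256withECDSA" : "SHA256with" + pub.getAlgorithm();
        byte[] probe = "keypair-consistency-probe".getBytes("UTF-8");   // constructed test message
        Signature signer = Signature.getInstance(alg);
        signer.initSign(priv);
        signer.update(probe);
        byte[] sig = signer.sign();
        Signature verifier = Signature.getInstance(alg);
        verifier.initVerify(pub);
        verifier.update(probe);
        try { return verifier.verify(sig); }           // false => keystore entry is inconsistent
        catch (SignatureException e) { return false; } // e.g. key sizes differ, signature length wrong
    }

    public static void main(String[] args) throws Exception {
        char[] password = args[1].toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (FileInputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        boolean allOk = true;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements(); ) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) continue;       // trusted-cert entries carry no private key
            PrivateKey priv = (PrivateKey) ks.getKey(alias, password);
            boolean ok = keyMatchesCertificate(priv, ks.getCertificate(alias));
            System.out.println(alias + ": " + (ok ? "private key matches certificate" : "MISMATCH"));
            allOk &= ok;
        }
        System.exit(allOk ? 0 : 1);                    // non-zero exit flags a broken keystore
    }
}
```

Run it against both client.jks and server.jks before touching the application; a MISMATCH line on either side is the keypair problem described above.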

For the same friend, I wrote a simple client/server SSL app which lets the client and server exchange data typed in by the user.

Here is how to use it.

1. Download the source and class files from here and extract them to a folder.

2. Put your certificate files in that folder (either rename them to client.jks/server.jks, or change the parameters in the bat files).

3. Run server.bat, which starts a server on port 7001 (pass the parameter “true” to enable client authentication; otherwise it is disabled).

4. Run client.bat and notice that it talks to the server and finishes the handshake. To confirm the client is communicating with the server, type some text and notice that it is echoed back by the server.

Here is the sample output.

Client:

C:\Projects\EclipseWorkspace\SSLTest\temp>client

Connecting to the server at localhost:7001
Connected to the server.
Type something and press enter. Whatever you type will be sent to the server, which will echo back.

SSL Handshake Completed with following details:
CipherSuite: SSL_RSA_WITH_RC4_128_MD5
LocalPrincipal: CN=Client Test, OU=Java Unit, O=Java Company, L=Java City, ST=Java State, C=US
RemovePrincipal: CN=Server Test, OU=Java Unit, O=Java Company, L=Java City, ST=Java State, C=US
Session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
Socket: 1f33675[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=localhost/127.0.0.1,port=7001,localport=3206]]
hello
hello
world
world

Server:

C:\Projects\EclipseWorkspace\SSLTest\temp>server true
Enabling client authentication

Listening for a new connection at port 7001
Connection accepted from /127.0.0.1:3206

SSL Handshake Completed with following details:
CipherSuite: SSL_RSA_WITH_RC4_128_MD5
LocalPrincipal: CN=Server Test, OU=Java Unit, O=Java Company, L=Java City, ST=Java State, C=US
RemovePrincipal: CN=Client Test, OU=Java Unit, O=Java Company, L=Java City, ST=Java State, C=US
Session: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
Socket: 7c6768[SSL_RSA_WITH_RC4_128_MD5: Socket[addr=/127.0.0.1,port=3206,localport=7001]]

Hope this helps.
