hc-httpclient-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brent Putman <putm...@georgetown.edu>
Subject Re: Trust all certificates
Date Sat, 09 Apr 2016 04:06:28 GMT
You can set the JSSE system property javax.net.debug to get a lot of
debug output.  It will probably tell you why the handshake fails.  Try
"javax.net.debug=ssl" or "javax.net.debug=all" .   You can see all the
options for that here:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug

The output goes to stdout (or stderr, can't remember which).



On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> Thanks a lot, Sam Wilson.
> I'll read it.
>
> It's work well on java 8, but not on java 7 =/
> From Google Chrome:
> ```
> Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
> The connection uses TLS 1.2.
> The connection is encrypted and authenticated using AES_128_GCM and uses
> ECDHE_RSA as the key exchange mechanism.
> ```
>
> On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz121@hotmail.com> wrote:
>
>> There are quite a few documents out there that go over SSL/TLS. Really
>> depends on what you need to know. Wikipedia might be a good place to
>> start, and there's always google to find out more. I seem to remember
>> Mozilla had some decent high level documentation, but I think they've
>> marked it as out of date.
>>
>> What's happening right now is that you can't complete the SSL handshake
>> for some reason. StackOverflow has a post about someone having a similar
>> problem: http://stackoverflow.com/a/6353956
>>
>> Hope that helps,
>> Sam
>>
>> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
>>> I'm a complete noob. Are there resources to help-me understand the
>> problem.
>>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz121@hotmail.com>
>> wrote:
>>>> You can only turn off as much SSL validation as you control. The server
>>>> may also terminate a connection (say, for instance, it requires a client
>>>> SSL certificate.)
>>>>
>>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
>>>>> But are there a way to disable the `SSL Verification`?
>>>>>
>>>>> I just wanna to ignore all SSL Verification.
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ecki@zusammenkunft.net
>>>>> wrote:
>>>>>
>>>>>> The exception you are showing means the server terminated the
>> handshake
>>>>>> for some reason. Hard to say why. It might require a client cert
or
>> does
>>>>>> not like yout proposed ciphers or ssl protocols.
>>>>>>
>>>>>>
>>>>>>
>>>>>> This particular exception seems not related to untrusted certificates,
>>>>>> your different approaches are both valid to accept all certs (ad
long
>>>> as it
>>>>>> understands a common cipher and certificate type)
>>>>>>
>>>>>>
>>>>>> Gruss
>>>>>> Bernd
>>>>>> --
>>>>>> http://bernd.eckenfels.net
>>>>>>   From Win 10 Mobile
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Von: *Robson Roberto Souza Peixoto <robsonpeixoto@gmail.com>
>>>>>> *Gesendet: *Freitag, 8. April 2016 22:16
>>>>>> *An: *httpclient-users@hc.apache.org
>>>>>> *Betreff: *Trust all certificates
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm using the HC to crawler a lot of sites =D. It's working like
a
>>>> charm. I
>>>>>> really in love with HC.
>>>>>>
>>>>>>
>>>>>>
>>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
>> Received
>>>>>> fatal alert: handshake_failure` when I try to access a page with
a
>>>> invalid
>>>>>> Certificate.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I googled a lot and tried all solutions, but no one worked.
>>>>>>
>>>>>> Here a gist with my last try:
>>>>>>
>>>>>>
>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>>>>>>
>>>>>>
>>>>>> Are there a easy solution to trust all certificates of all hosts
with
>>>> HC?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Robson Roberto Souza Peixoto
>>>>>>
>>>>>> Robinho
>>>>>>
>>>>>> Master in Computer Science, University of Campinas
>>>>>>
>>>>>> IRC: robsonpeixoto
>>>>>>
>>>>>> Twitter: http://twitter.com/robinhopeixoto
>>>>>>
>>>>>> github: https://github.com/robsonpeixoto
>>>>>>
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>>
>>>> --
>>> Robson Roberto Souza Peixoto
>>> Robinho
>>> Master in Computer Science, University of Campinas
>>> IRC: robsonpeixoto
>>> Twitter: http://twitter.com/robinhopeixoto
>>> github: https://github.com/robsonpeixoto
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>> --
> Robson Roberto Souza Peixoto
> Robinho
> Master in Computer Science, University of Campinas
> IRC: robsonpeixoto
> Twitter: http://twitter.com/robinhopeixoto
> github: https://github.com/robsonpeixoto
>


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message