0

We use Java 1.8.0_121 and Apache HTTP client version 4.4.1 on the client side.

I have removed all SHA related ciphers from the server side to improve the application security. For example, I have removed ECDHE-RSA-AES256-SHA.

Unfortunately I started to get SSLHandshakeException (see below). I still have in my server side configuration SHA256, SHA384 ciphers. For example ECDHE-ECDSA-AES128-GCM-SHA256 or ECDHE-RSA-AES256-SHA384. On the client side we use Bouncy Castle provider and it should support these ciphers: https://bouncycastle.org/specifications.html

Why it happens and what should I do to prevent the problem?

Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_121]
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_121]
        at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_121]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.connectSocket(SSLConnectionSocketFactory.java:353) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.connect(DefaultHttpClientConnectionOperator.java:134) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.connect(PoolingHttpClientConnectionManager.java:353) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:380) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) ~[httpclient-4.4.1.jar:4.4.1]
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:107) ~[httpclient-4.4.1.jar:4.4.1]

Added

Lets say I understand why I still can use ECDHE-RSA-AES256-SHA. I still do not understand why it fails.

Is ECDHE-RSA-AES256-SHA uses HMAC SHA-1? Where can I find how many bits used by HMAC SHA-1?

Michael
  • 1,467
  • 1
  • 18
  • 36
  • Removing ciphers which use SHA-1 as a HMAC shows the wrong understanding of where SHA-1 should be removed vs. where it can stay. See [Will Google block HMAC-SHA1 along with SHA1 signed certificates?](http://security.stackexchange.com/questions/115728/will-google-block-hmac-sha1-along-with-sha1-signed-certificates). And it is unknown which ciphers *exactly* are still offered by the server vs. which ciphers the client really supports. Note that there might be a difference between what you've configured vs. what the server really offers and thus don't look only at your configuration. – Steffen Ullrich Feb 19 '17 at 08:26
  • Why might be a difference between the configuration vs. what the server really offers? – Michael Feb 19 '17 at 19:07
  • Because the openssl version might not support all the ciphers you have configured. Have you checked the site with [SSLLabs](https://www.ssllabs.com/ssltest/analyze.html)? – Steffen Ullrich Feb 19 '17 at 19:13
  • I have asked additional question http://security.stackexchange.com/questions/151796/can-server-side-communicate-using-cipher-that-not-listed-in-the-ciphersuite – Michael Feb 20 '17 at 14:51
  • Lets say I understand why I still can use ECDHE-RSA-AES256-SHA. I still do not understand why it fails. Is ECDHE-RSA-AES256-SHA uses HMAC SHA-1? Where can I find how many bits used by HMAC SHA-1? – Michael Feb 20 '17 at 15:01
  • See [Wikipedia](https://en.wikipedia.org/wiki/Hash-based_message_authentication_code) for how a HMAC works. From this you can see that the size of the HMAC is the size of the hash-algorithms used, i.e. 20 byte in case of SHA-1. – Steffen Ullrich Feb 20 '17 at 15:23

0 Answers0