Problems connecting via HTTPS/SSL through own Java client

by

According to https://www.ssllabs.com, the server supports cipher suites

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA 
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA

They are listed as “unavailable cipher suite” as you can see in the debug messages.

In the JRE/lib/security/local_policy.jar, we see

// Some countries have import limits on crypto strength. This policy file
// is worldwide importable.

grant {
    permission javax.crypto.CryptoPermission "DES", 64;
    permission javax.crypto.CryptoPermission "DESede", *;
    permission javax.crypto.CryptoPermission "RC2", 128, 
                                     "javax.crypto.spec.RC2ParameterSpec", 128;
    permission javax.crypto.CryptoPermission "RC4", 128;
    permission javax.crypto.CryptoPermission "RC5", 128, 
          "javax.crypto.spec.RC5ParameterSpec", *, 12, *;
    permission javax.crypto.CryptoPermission "RSA", *;
    permission javax.crypto.CryptoPermission *, 128;
};

Download and install “(JCE) Unlimited Strength Jurisdiction Policy Files” – http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html – and I can confirm that the problem is solved. The read me file says

Due to import control restrictions of some countries, the version of
the JCE policy files that are bundled in the Java Runtime Environment,
or JRE(TM), 8 environment allow “strong” but limited cryptography to be
used. This download bundle (the one including this README file)
provides “unlimited strength” policy files which contain no
restrictions on cryptographic strengths.

More Related Contents:

  1. Trusting all certificates using HttpClient over HTTPS
  2. Resolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?
  3. Accept server’s self-signed ssl certificate in Java client
  4. Received fatal alert: handshake_failure through SSLHandshakeException
  5. Java: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
  6. Java HTTPS client certificate authentication
  7. Java client certificates over HTTPS/SSL
  8. why doesn’t java send the client certificate during SSL handshake?
  9. Java SSLHandshakeException “no cipher suites in common”
  10. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  11. How to handle invalid SSL certificates with Apache HttpClient? [duplicate]
  12. Simple Java HTTPS server
  13. SSLHandshakeException: No subject alternative names present
  14. HttpGet with HTTPS : SSLPeerUnverifiedException
  15. How to force java server to accept only tls 1.2 and reject tls 1.0 and tls 1.1 connections
  16. Java and HTTPS url connection without downloading certificate
  17. Whats an easy way to totally ignore ssl with java url connections?
  18. How to do an HTTPS POST from Android?
  19. SSLHandshakeException while connecting to a https site
  20. Enabling specific SSL protocols with Android WebViewClient
  21. How can I know if the request to the servlet was executed using HTTP or HTTPS?
  22. Java SSLException: hostname in certificate didn’t match
  23. javax.net.ssl.SSLException: SSL handshake aborted Connection reset by peer while calling webservice Android
  24. How to make Java 6, which fails SSL connection with “SSL peer shut down incorrectly”, succeed like Java 7?
  25. Android SSL HttpGet (No peer certificate) error OR (Connection closed by peer) error
  26. How to extract CN from X509Certificate in Java?
  27. Importing the private-key/public-certificate pair in the Java KeyStore [duplicate]
  28. HTTPS GET (SSL) with Android and self-signed server certificate
  29. JavaMail IMAP over SSL quite slow – Bulk fetching multiple messages
  30. SSL Connection Reset

Leave a Comment