Why does Java’s SSLSocket send a version 2 client hello?

by

Sun’s JSSE doesn’t support SSLv2 but it supports the SSlv2ClientHello, to support some SSL servers that require it. You can turn it off by removing it from the enabled protocols.

IBM’s JSSE does support SSLv2 entirely.

From the JSSE Reference Guide:

For example, some older server
implementations speak only SSLv3 and
do not understand TLS. Ideally, these
implementations should negotiate to
SSLv3, but some simply hangup. For
backwards compatibility, some server
implementations (such as SunJSSE) send
SSLv3/TLS ClientHellos encapsulated in
a SSLv2 ClientHello packet. Some
servers do not accept this format, in
these cases use setEnabledProtocols to
disable the sending of encapsulated
SSLv2 ClientHellos.

I imagine ‘server implementations’ should read ‘SSL implementations’ above.

EDIT: thanks for citing my book!

More Related Contents:

  1. How can I use different certificates on specific connections?
  2. Java client certificates over HTTPS/SSL
  3. javax.net.ssl.SSLException: Received fatal alert: protocol_version
  4. Registering multiple keystores in JVM [duplicate]
  5. java – path to trustStore – set property doesn’t work?
  6. Keystore type: which one to use?
  7. How to override the cipherlist sent to the server by Android when using HttpsURLConnection?
  8. SSLContext initialization
  9. Setting multiple truststore on the same JVM
  10. Trusting all certificates using HttpClient over HTTPS
  11. How to import an existing X.509 certificate and private key in Java keystore to use in SSL?
  12. why doesn’t java send the client certificate during SSL handshake?
  13. Which Cipher Suites to enable for SSL Socket?
  14. How to fix the “java.security.cert.CertificateException: No subject alternative names present” error?
  15. Import PEM into Java Key Store
  16. Using client/server certificates for two way authentication SSL socket on Android
  17. SSL peer shut down incorrectly in Java
  18. Read RSA private key of format PKCS1 in JAVA
  19. How to ignore PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException?
  20. Jenkins “unable to find valid certification path to requested target” error while importing Git repository
  21. Java SSL connect, add server cert to keystore programmatically
  22. Generate certificates, public and private keys with Java [closed]
  23. Using HTTPS with REST in Java
  24. Using SSLContext with just a CA certificate and no keystore
  25. How to make Java 6, which fails SSL connection with “SSL peer shut down incorrectly”, succeed like Java 7?
  26. How Can I Access an SSL Connection Through Android?
  27. SNI client-side mystery using Java8
  28. SSLSocket ignores domain mismatch
  29. Can we load multiple Certificates & Keys in a Key Store?
  30. Java HttpsURLConnection and TLS 1.2

Leave a Comment