javax net ssl SSLException Received fatal alert protocol version

Question

Has anyone encountered this error before   I m new to SSL  is there anything obviously wrong with my ClientHello that I m missing   That exception is thrown with no ServerHello response   Any advice is appreciated       ClientHello  TLSv1 RandomCookie   GMT  1351745496 bytes     154  151  225  128  127  137  198  245  160  35  124  13  135  120  33  240  82  223  56  25  207  231  231  124  103  205  66  218   Session ID      Cipher Suites   SSL RSA WITH RC4 128 MD5  SSL RSA WITH RC4 128 SHA  TLS RSA WITH AES 128 CBC SHA  TLS DHE RSA WITH AES 128 CBC SHA  TLS DHE DSS WITH AES 128 CBC SHA  SSL RSA WITH 3DES EDE CBC SHA  SSL DHE RSA WITH 3DES EDE CBC SHA  SSL DHE DSS WITH 3DES EDE CBC SHA  SSL RSA WITH DES CBC SHA  SSL DHE RSA WITH DES CBC SHA  SSL DHE DSS WITH DES CBC SHA  SSL RSA EXPORT WITH RC4 40 MD5  SSL RSA EXPORT WITH DES40 CBC SHA  SSL DHE RSA EXPORT WITH DES40 CBC SHA  SSL DHE DSS EXPORT WITH DES40 CBC SHA  TLS EMPTY RENEGOTIATION INFO SCSV  Compression Methods     0        write  MD5 and SHA1 hashes   len   75 0000  01 00 00 47 03 01 51 92   00 D8 9A 97 E1 80 7F 89     G  Q          0010  C6 F5 A0 23 7C 0D 87 78   21 F0 52 DF 38 19 CF E7         x  R 8    0020  E7 7C 67 CD 42 DA 00 00   20 00 04 00 05 00 2F 00    g B            0030  33 00 32 00 0A 00 16 00   13 00 09 00 15 00 12 00  3 2              0040  03 00 08 00 14 00 11 00   FF 01 00                             xxx  WRITE  TLSv1 Handshake  length   75  write  MD5 and SHA1 hashes   len   101 0000  01 03 01 00 3C 00 00 00   20 00 00 04 01 00 80 00       lt             0010  00 05 00 00 2F 00 00 33   00 00 32 00 00 0A 07 00         3  2      0020  C0 00 00 16 00 00 13 00   00 09 06 00 40 00 00 15                   0030  00 00 12 00 00 03 02 00   80 00 00 08 00 00 14 00                   0040  00 11 00 00 FF 51 92 00   D8 9A 97 E1 80 7F 89 C6       Q           0050  F5 A0 23 7C 0D 87 78 21   F0 52 DF 38 19 CF E7 E7        x  R 8     0060  7C 67 CD 42 DA                                      g B  xxx  WRITE  SSLv2 client hello message  length   101  Raw write   length   103 0000  80 65 01 03 01 00 3C 00   00 00 20 00 00 04 01 00   e     lt           0010  80 00 00 05 00 00 2F 00   00 33 00 00 32 00 00 0A           3  2    0020  07 00 C0 00 00 16 00 00   13 00 00 09 06 00 40 00                   0030  00 15 00 00 12 00 00 03   02 00 80 00 00 08 00 00                   0040  14 00 00 11 00 00 FF 51   92 00 D8 9A 97 E1 80 7F         Q         0050  89 C6 F5 A0 23 7C 0D 87   78 21 F0 52 DF 38 19 CF          x  R 8   0060  E7 E7 7C 67 CD 42 DA                                  g B   Raw read   length   5 0000  15 03 01 00 02                                            Raw read   length   2 0000  02 46                                               F    http   xml apache org axis  stackTrace   javax net ssl SSLException  Received fatal alert  protocol version at com sun net ssl internal ssl Alerts getSSLException Alerts java 190  at com sun net ssl internal ssl Alerts getSSLException Alerts java 136  at com sun net ssl internal ssl SSLSocketImpl recvAlert SSLSocketImpl java 1806  at com sun net ssl internal ssl SSLSocketImpl readRecord SSLSocketImpl java 986  at com sun net ssl internal ssl SSLSocketImpl performInitialHandshake SSLSocketImpl java 1170  at com sun net ssl internal ssl SSLSocketImpl startHandshake SSLSocketImpl java 1197  at com sun net ssl internal ssl SSLSocketImpl startHandshake SSLSocketImpl java 1181  at org apache axis components net JSSESocketFactory create JSSESocketFactory java 186  at

User · Answer

For those using the IBM JDK you need to provide this argument to the JVM. -Dcom.ibm.jsse2.overrideDefaultTLS=true

I was using Liberty, so I set this in the jvm.options file.

Reference Documentation

More information on protocols used with IBM Here

User · Answer

I ran into this issue while trying to install a PySpark package  I got around the issue by changing the TLS version with an environment variable   echo  export JAVA TOOL OPTIONS  -Dhttps protocols TLSv1 2    gt  gt     bashrc source    bashrc

User · Answer

public class SecureSocket   static          System setProperty  quot javax net debug quot    quot all quot        System setProperty  quot https protocols quot    quot TLSv1 TLSv1 1 TLSv1 2 quot      public static void main String   args        String GhitHubSSLFile    quot https   raw githubusercontent com Yash-777 SeleniumWebDrivers master pom xml quot       try           String str   readCloudFileAsString GhitHubSSLFile                      new String Files readAllBytes Paths get   quot D  Sample file quot                System out println  quot Cloud File Data    quot   str         catch  IOException e            e printStackTrace            public static String readCloudFileAsString  String urlStr   throws java io IOException       if  urlStr    null  amp  amp  urlStr     quot  quot              java io InputStream s   null          String content   null          try               URL url   new URL  urlStr                s    java io InputStream  url getContent                content   IOUtils toString s   quot UTF-8 quot                                  return content toString              return null     Factory Reset Help

User · Answer

You can try by adding following line to catalina bat after last entry of JAVA OPTS  set JAVA OPTS  JAVA OPTS  -Dhttps protocols TLSv1 2 -Djdk tls client protocols TLSv1 2

User · Answer

Not sure if you found an answer but I had this problem and needed to upgrade TLS version to 1 2   private HttpsURLConnection getSSlConnection String url  String username  String password       SSLContext sc   SSLContext getInstance  TLSv1 2          Create a trust manager that accepts all SSL sites     TrustManager   trustAllCerts   new TrustManager 1      def tm   new X509TrustManager             Override         public void checkClientTrusted X509Certificate   certs  String authType                        Override         public void checkServerTrusted X509Certificate   x509Certificates  String s  throws CertificateException                       Override         X509Certificate   getAcceptedIssuers                 return new X509Certificate 0                      trustAllCerts 0    tm      sc init null  trustAllCerts  new SecureRandom        HttpsURLConnection connection    HttpsURLConnection  getConnection url  username  password      connection setSSLSocketFactory sc getSocketFactory        return connection

User · Answer

I was getting the same error  For Java version 7  following is working for me      java lang System setProperty  https protocols    TLSv1 2

User · Answer

On Java 1 8 default TLS protocol is v1 2  On Java 1 6 and 1 7 default is obsoleted TLS1 0  I get this error on Java 1 8  because url use old TLS1 0  like Your - You see ClientHello  TLSv1   To resolve this error You need to use override defaults for Java 1 8   System setProperty  https protocols    TLSv1      More info on the Oracle blog

User · Answer

marioosh s answer seems to on the right track  It didn t work for me  So I found   Problems connecting via HTTPS SSL through own Java client  which uses   java lang System setProperty  https protocols    TLSv1 TLSv1 1 TLSv1 2      Which seems to be necessary with Java 7 and a TLSv1 2 site    I checked the site with   openssl s client -connect www st nmfs noaa gov 443   using  openssl version OpenSSL 1 0 2l  25 May 2017   and got the result       SSL-Session     Protocol    TLSv1 2    Cipher      ECDHE-RSA-AES256-GCM-SHA384       Please note that and older openssl version on my mac did not work and I had to use the macports one

User · Answer

This is due to the fact that you send a TLSv1 handshake  but then you send a message using SSLv2 protocol   xxx  WRITE  TLSv1 Handshake  length   75 xxx  WRITE  SSLv2 client hello message  length   101   This means that the server expects the TLSv1 protocol to be used and will not accept the connection  Try specifying which protocol to use  or post some relevant code so we can have a look

User · Answer

This seems like a protocol version mismatch  this exception normally happens when there is a mismatch between SSL protocol version used by the client and the server  your clients should use a proctocol version supported by the server

User · Answer

I have got that error after update to JDK 1 8  But the JAVA HOME variable was hard coded furthermore to JDK 1 7  Thew modification solved the problem   set JAVA HOME C  Program Files Java jdk1 8 0 241

User · Answer

marioosh added some extra information regarding cipher suite encryption      A cipher suite is a collection of symmetric and asymmetric encryption algorithms used by hosts to establish a secure communication in Transport Layer Security  TLS    Secure Sockets Layer  SSL  network protocol  Ciphers are algorithms  more specifically they   re a set of steps for both performing encryption as well as the corresponding decryption   A cipher suite specifies one algorithm for each of the following tasks    Key exchange Bulk encryption Message authentication     SocketFactory    Default handshaking protocols    To avoid SSLException use https protocols system property  This contains a comma-separated list of protocol suite names specifying which protocol suites to enable on this HttpsURLConnection  See the SSLSocket setEnabledProtocols String    method     System setProperty  https protocols    SSLv3        OR  System setProperty  https protocols    TLSv1        JAVA8    TLS 1 1 and TLS 1 2 Enabled by Default  The SunJSSE provider enables the protocols TLS 1 1 and TLS 1 2 on the client by default     System setProperty  https protocols    TLSv1 TLSv1 1 TLSv1 2        Example for Java8 Network File     public class SecureSocket       static              System setProperty  javax net debug    all            System setProperty  https protocols    TLSv1 TLSv1 1 TLSv1 2              public static void main String   args            String GhitHubSSLFile    https   raw githubusercontent com Yash-777 SeleniumWebDrivers master pom xml           try               String str   readCloudFileAsString GhitHubSSLFile                          new String Files readAllBytes Paths get   D  Sample file                    System out println  Cloud File Data      str             catch  IOException e                e printStackTrace                        public static String readCloudFileAsString  String urlStr   throws java io IOException           if  urlStr    null  amp  amp  urlStr                       java io InputStream s   null              String content   null              try                   URL url   new URL  urlStr                    s    java io InputStream  url getContent                    content   IOUtils toString s   UTF-8                  finally                   if  s    null  s close                               return content toString                      return null              JDK 8 Security You can customize some aspects of JSSE by setting system properties  By Specifying the below property you can check the encryption data from the file   System setProperty  javax net debug    all      Exception  javax net ssl SSLException  Received fatal alert  protocol version   If handshaking fails for any reason  the SSLSocket is closed  and no further communications can be done   Observer LOG Sample for the above example         ClientHello  TLSv1 2 RandomCookie   GMT  1505482843 bytes     12  11  111  99  8  177  101  27  84  176  147  215  116  208  31  178  141  170  29  118  29  192  61  191  53  201  127  100   Session ID      Cipher Suites   TLS ECDHE ECDSA WITH AES 128 CBC SHA  TLS ECDHE RSA WITH AES 128 CBC SHA  TLS RSA WITH AES 128 CBC SHA  TLS ECDH ECDSA WITH AES 128 CBC SHA  TLS ECDH RSA WITH AES 128 CBC SHA  TLS DHE RSA WITH AES 128 CBC SHA  TLS DHE DSS WITH AES 128 CBC SHA  TLS ECDHE ECDSA WITH 3DES EDE CBC SHA  TLS ECDHE RSA WITH 3DES EDE CBC SHA  SSL RSA WITH 3DES EDE CBC SHA  TLS ECDH ECDSA WITH 3DES EDE CBC SHA  TLS ECDH RSA WITH 3DES EDE CBC SHA  SSL DHE RSA WITH 3DES EDE CBC SHA  SSL DHE DSS WITH 3DES EDE CBC SHA  TLS ECDHE ECDSA WITH RC4 128 SHA  TLS ECDHE RSA WITH RC4 128 SHA  SSL RSA WITH RC4 128 SHA  TLS ECDH ECDSA WITH RC4 128 SHA  TLS ECDH RSA WITH RC4 128 SHA  SSL RSA WITH RC4 128 MD5  TLS EMPTY RENEGOTIATION INFO SCSV  Compression Methods     0   Extension elliptic curves  curve names   secp256r1  sect163k1  sect163r2  secp192r1  secp224r1  sect233k1  sect233r1  sect283k1  sect283r1  secp384r1  sect409k1  sect409r1  secp521r1  sect571k1  sect571r1  secp160k1  secp160r1  secp160r2  sect163r1  secp192k1  sect193r1  sect193r2  secp224k1  sect239k1  secp256k1  Extension ec point formats  formats   uncompressed  Extension signature algorithms  signature algorithms  SHA512withECDSA  SHA512withRSA  SHA384withECDSA  SHA384withRSA  SHA256withECDSA  SHA256withRSA  SHA224withECDSA  SHA224withRSA  SHA1withECDSA  SHA1withRSA  SHA1withDSA  MD5withRSA Extension server name  server name   host name  raw githubusercontent com       write  MD5 and SHA1 hashes   len   213 0000  01 00 00 D1 03 03 5A BC   D8 5B 0C 0B 6F 63 08 B1        Z     oc   0010  65 1B 54 B0 93 D7 74 D0   1F B2 8D AA 1D 76 1D C0  e T   t      v   0020  3D BF 35 C9 7F 64 00 00   2A C0 09 C0 13 00 2F C0    5  d           0030  04 C0 0E 00 33 00 32 C0   08 C0 12 00 0A C0 03 C0      3 2          0040  0D 00 16 00 13 C0 07 C0   11 00 05 C0 02 C0 0C 00                   0050  04 00 FF 01 00 00 7E 00   0A 00 34 00 32 00 17 00            4 2    0060  01 00 03 00 13 00 15 00   06 00 07 00 09 00 0A 00                   0070  18 00 0B 00 0C 00 19 00   0D 00 0E 00 0F 00 10 00                   0080  11 00 02 00 12 00 04 00   05 00 14 00 08 00 16 00                   0090  0B 00 02 01 00 00 0D 00   1A 00 18 06 03 06 01 05                   00A0  03 05 01 04 03 04 01 03   03 03 01 02 03 02 01 02                   00B0  02 01 01 00 00 00 1E 00   1C 00 00 19 72 61 77 2E              raw  00C0  67 69 74 68 75 62 75 73   65 72 63 6F 6E 74 65 6E  githubuserconten 00D0  74 2E 63 6F 6D                                     t com main  WRITE  TLSv1 2 Handshake  length   213  Raw write   length   218 0000  16 03 03 00 D5 01 00 00   D1 03 03 5A BC D8 5B 0C             Z     0010  0B 6F 63 08 B1 65 1B 54   B0 93 D7 74 D0 1F B2 8D   oc  e T   t     0020  AA 1D 76 1D C0 3D BF 35   C9 7F 64 00 00 2A C0 09    v    5  d      0030  C0 13 00 2F C0 04 C0 0E   00 33 00 32 C0 08 C0 12           3 2     0040  00 0A C0 03 C0 0D 00 16   00 13 C0 07 C0 11 00 05                   0050  C0 02 C0 0C 00 04 00 FF   01 00 00 7E 00 0A 00 34                 4 0060  00 32 00 17 00 01 00 03   00 13 00 15 00 06 00 07   2               0070  00 09 00 0A 00 18 00 0B   00 0C 00 19 00 0D 00 0E                   0080  00 0F 00 10 00 11 00 02   00 12 00 04 00 05 00 14                   0090  00 08 00 16 00 0B 00 02   01 00 00 0D 00 1A 00 18                   00A0  06 03 06 01 05 03 05 01   04 03 04 01 03 03 03 01                   00B0  02 03 02 01 02 02 01 01   00 00 00 1E 00 1C 00 00                   00C0  19 72 61 77 2E 67 69 74   68 75 62 75 73 65 72 63   raw githubuserc 00D0  6F 6E 74 65 6E 74 2E 63   6F 6D                    ontent com  Raw read   length   5 0000  16 03 03 00 5D                                               Cryptography and Secure Communication with whatsapp     See   AZURE TLS SSL cipher suites javax net ssl SSLHandshakeException  No appropriate protocol Whatsapp End To End Encryption

User · Answer

I m using apache-tomcat-7 0 70 with jdk1 7 0 45 and none of the solutions here and elsewhere on stackoverflow worked for me  Just sharing this solution as it hopefully might help someone as this is very high on Google s search What worked is doing BOTH of these steps   Starting my tomcat with  quot export JAVA OPTS  quot  JAVA OPTS -Dhttps protocols TLSv1 2 quot  by adding it to tomcat bin setenv sh  Syntax slightly different on Windows   Manually building forcing HttpClients or anything else you need with the TLS1 2 protocol  Context ctx   SSLContexts custom   useProtocol  quot TLSv1 2 quot   build    HttpClient httpClient   HttpClientBuilder create   setSslcontext ctx  build    HttpPost httppost   new HttpPost scsTokenVerificationUrl    List lt NameValuePair gt  paramsAccessToken   new ArrayList lt NameValuePair gt  2   paramsAccessToken add new BasicNameValuePair  quot token quot   token    paramsAccessToken add new BasicNameValuePair  quot client id quot   scsClientId    paramsAccessToken add new BasicNameValuePair  quot secret quot   scsClientSecret    httppost setEntity new UrlEncodedFormEntity paramsAccessToken   quot utf-8 quot        Execute and get the response  HttpResponse httpResponseAccessToken   httpClientAccessToken execute httppost    String responseJsonAccessToken   EntityUtils toString httpResponseAccessToken getEntity

[java] javax.net.ssl.SSLException: Received fatal alert: protocol_version

Examples related to java

Examples related to ssl

Examples related to jsse