You can set the JSSE system property javax.net.debug to get a lot of debug output. It will probably tell you why the handshake fails. Try "javax.net.debug=ssl" or "javax.net.debug=all" . You can see all the options for that here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug The output goes to stdout (or stderr, can't remember which). On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote: > Thanks a lot, Sam Wilson. > I'll read it. > > It's work well on java 8, but not on java 7 =/ > From Google Chrome: > ``` > Your connection to www.trf5.jus.br is encrypted using a modern cipher suite. > The connection uses TLS 1.2. > The connection is encrypted and authenticated using AES_128_GCM and uses > ECDHE_RSA as the key exchange mechanism. > ``` > > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz...@hotmail.com> wrote: > >> There are quite a few documents out there that go over SSL/TLS. Really >> depends on what you need to know. Wikipedia might be a good place to >> start, and there's always google to find out more. I seem to remember >> Mozilla had some decent high level documentation, but I think they've >> marked it as out of date. >> >> What's happening right now is that you can't complete the SSL handshake >> for some reason. StackOverflow has a post about someone having a similar >> problem: http://stackoverflow.com/a/6353956 >> >> Hope that helps, >> Sam >> >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote: >>> I'm a complete noob. Are there resources to help-me understand the >> problem. >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz...@hotmail.com> >> wrote: >>>> You can only turn off as much SSL validation as you control. The server >>>> may also terminate a connection (say, for instance, it requires a client >>>> SSL certificate.) >>>> >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote: >>>>> But are there a way to disable the `SSL Verification`? >>>>> >>>>> I just wanna to ignore all SSL Verification. >>>>> >>>>> Thanks >>>>> >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <e...@zusammenkunft.net >>>>> wrote: >>>>> >>>>>> The exception you are showing means the server terminated the >> handshake >>>>>> for some reason. Hard to say why. It might require a client cert or >> does >>>>>> not like yout proposed ciphers or ssl protocols. >>>>>> >>>>>> >>>>>> >>>>>> This particular exception seems not related to untrusted certificates, >>>>>> your different approaches are both valid to accept all certs (ad long >>>> as it >>>>>> understands a common cipher and certificate type) >>>>>> >>>>>> >>>>>> Gruss >>>>>> Bernd >>>>>> -- >>>>>> http://bernd.eckenfels.net >>>>>> From Win 10 Mobile >>>>>> >>>>>> >>>>>> >>>>>> *Von: *Robson Roberto Souza Peixoto <robsonpeix...@gmail.com> >>>>>> *Gesendet: *Freitag, 8. April 2016 22:16 >>>>>> *An: *httpclient-users@hc.apache.org >>>>>> *Betreff: *Trust all certificates >>>>>> >>>>>> >>>>>> >>>>>> Hi guys, >>>>>> >>>>>> >>>>>> >>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a >>>> charm. I >>>>>> really in love with HC. >>>>>> >>>>>> >>>>>> >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: >> Received >>>>>> fatal alert: handshake_failure` when I try to access a page with a >>>> invalid >>>>>> Certificate. >>>>>> >>>>>> >>>>>> >>>>>> I googled a lot and tried all solutions, but no one worked. >>>>>> >>>>>> Here a gist with my last try: >>>>>> >>>>>> >> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25 >>>>>> >>>>>> >>>>>> Are there a easy solution to trust all certificates of all hosts with >>>> HC? >>>>>> >>>>>> Thanks >>>>>> >>>>>> -- >>>>>> >>>>>> Robson Roberto Souza Peixoto >>>>>> >>>>>> Robinho >>>>>> >>>>>> Master in Computer Science, University of Campinas >>>>>> >>>>>> IRC: robsonpeixoto >>>>>> >>>>>> Twitter: http://twitter.com/robinhopeixoto >>>>>> >>>>>> github: https://github.com/robsonpeixoto >>>>>> >>>>>> >>>>>> >>>> --------------------------------------------------------------------- >>>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org >>>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org >>>> >>>> -- >>> Robson Roberto Souza Peixoto >>> Robinho >>> Master in Computer Science, University of Campinas >>> IRC: robsonpeixoto >>> Twitter: http://twitter.com/robinhopeixoto >>> github: https://github.com/robsonpeixoto >>> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org >> >> -- > Robson Roberto Souza Peixoto > Robinho > Master in Computer Science, University of Campinas > IRC: robsonpeixoto > Twitter: http://twitter.com/robinhopeixoto > github: https://github.com/robsonpeixoto >
