FWIW, in httpclient 4.3.x, I extend the TrustStrategy class to create a "TrustAllTrustStrategy" class and I use this for handling SSL certs.

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.http.conn.ssl.TrustStrategy;

/**
 * When you want to accept all ssl certs, even ones that are not trusted,
 * use this class implementation of the trust strategy.
 */
public class TrustAllTrustStrategy implements TrustStrategy {

    @Override
    public boolean isTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        return true; // trust everything like the class name says.
    }
}

When instantiating the HttpClient class, I set TrustAllTrustStrategy as the TrustStrategy.

hth,
-Ryan

On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <putm...@georgetown.edu> wrote:

> You can set the JSSE system property javax.net.debug to get a lot of
> debug output. It will probably tell you why the handshake fails. Try
> "javax.net.debug=ssl" or "javax.net.debug=all". You can see all the
> options for that here:
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
>
> The output goes to stdout (or stderr, can't remember which).
>
> On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > Thanks a lot, Sam Wilson.
> > I'll read it.
> >
> > It works well on Java 8, but not on Java 7 =/
> > From Google Chrome:
> > ```
> > Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
> > The connection uses TLS 1.2.
> > The connection is encrypted and authenticated using AES_128_GCM and uses
> > ECDHE_RSA as the key exchange mechanism.
> > ```
> >
> > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz...@hotmail.com> wrote:
> >
> >> There are quite a few documents out there that go over SSL/TLS. Really
> >> depends on what you need to know. Wikipedia might be a good place to
> >> start, and there's always google to find out more. I seem to remember
> >> Mozilla had some decent high level documentation, but I think they've
> >> marked it as out of date.
> >>
> >> What's happening right now is that you can't complete the SSL handshake
> >> for some reason. StackOverflow has a post about someone having a similar
> >> problem: http://stackoverflow.com/a/6353956
> >>
> >> Hope that helps,
> >> Sam
> >>
> >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> >>> I'm a complete noob. Are there resources to help me understand the
> >>> problem?
> >>>
> >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz...@hotmail.com> wrote:
> >>>> You can only turn off as much SSL validation as you control. The server
> >>>> may also terminate a connection (say, for instance, it requires a client
> >>>> SSL certificate.)
> >>>>
> >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>>>> But is there a way to disable the `SSL Verification`?
> >>>>>
> >>>>> I just want to ignore all SSL Verification.
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <e...@zusammenkunft.net> wrote:
> >>>>>
> >>>>>> The exception you are showing means the server terminated the handshake
> >>>>>> for some reason. Hard to say why. It might require a client cert or does
> >>>>>> not like your proposed ciphers or ssl protocols.
> >>>>>>
> >>>>>> This particular exception seems not related to untrusted certificates,
> >>>>>> your different approaches are both valid to accept all certs (as long as it
> >>>>>> understands a common cipher and certificate type)
> >>>>>>
> >>>>>> Regards
> >>>>>> Bernd
> >>>>>> --
> >>>>>> http://bernd.eckenfels.net
> >>>>>> From Win 10 Mobile
> >>>>>>
> >>>>>> *From: *Robson Roberto Souza Peixoto <robsonpeix...@gmail.com>
> >>>>>> *Sent: *Friday, 8 April 2016 22:16
> >>>>>> *To: *httpclient-users@hc.apache.org
> >>>>>> *Subject: *Trust all certificates
> >>>>>>
> >>>>>> Hi guys,
> >>>>>>
> >>>>>> I'm using the HC to crawl a lot of sites =D.
> >>>>>> It's working like a charm. I'm
> >>>>>> really in love with HC.
> >>>>>>
> >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
> >>>>>> fatal alert: handshake_failure` when I try to access a page with an invalid
> >>>>>> certificate.
> >>>>>>
> >>>>>> I googled a lot and tried all solutions, but none worked.
> >>>>>>
> >>>>>> Here is a gist with my last try:
> >>>>>>
> >>>>>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>>>>>
> >>>>>> Is there an easy solution to trust all certificates of all hosts with HC?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> --
> >>>>>> Robson Roberto Souza Peixoto
> >>>>>> Robinho
> >>>>>> Master in Computer Science, University of Campinas
> >>>>>> IRC: robsonpeixoto
> >>>>>> Twitter: http://twitter.com/robinhopeixoto
> >>>>>> github: https://github.com/robsonpeixoto
> >>>>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> >>>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
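
Added example, not part of any message in this thread: a JDK-only check of whether the running JVM's client side can offer a given TLS protocol and cipher suite, which is the "common cipher" condition Bernd describes and is independent of any TrustStrategy. The class name and the default names `TLSv1.2` and `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256` are assumptions, chosen as the JSSE spellings of what Chrome reported above.

```java
import java.util.Arrays;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Added example, not code from the thread. JDK-only, Java 7 compatible.
public class TlsCapabilityCheck {

    // Classifies one protocol or cipher-suite name against the JVM's lists.
    static String status(String name, String[] enabled, String[] supported) {
        if (Arrays.asList(enabled).contains(name)) {
            return "enabled";
        }
        if (Arrays.asList(supported).contains(name)) {
            return "supported but not enabled by default";
        }
        return "not supported by this JVM";
    }

    public static void main(String[] args) throws Exception {
        // Assumption: JSSE names for what Chrome reported in the thread
        // (TLS 1.2, ECDHE_RSA, AES_128_GCM). Pass other names as arguments.
        String protocol = args.length > 0 ? args[0] : "TLSv1.2";
        String suite = args.length > 1 ? args[1]
                : "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

        // An unconnected client socket exposes the client-side defaults
        // without touching the network.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket();
        try {
            System.out.println("java.version: " + System.getProperty("java.version"));
            System.out.println(protocol + ": " + status(protocol,
                    socket.getEnabledProtocols(), socket.getSupportedProtocols()));
            System.out.println(suite + ": " + status(suite,
                    socket.getEnabledCipherSuites(), socket.getSupportedCipherSuites()));
            System.out.println("enabled protocols: "
                    + Arrays.toString(socket.getEnabledProtocols()));
        } finally {
            socket.close();
        }
    }
}
```

Run it under each JVM being compared and read the result alongside the `javax.net.debug=ssl` output suggested in the thread.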