Thanks all for the attention. The AES_128_GCM was implemented only on java 8. The list of ciphers and the jvm version are here: http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
I have upgraded to java8 and everything are working like charm. Again, Thanks a lot! On Sat, Apr 9, 2016 at 8:01 AM R Smith <ryan.justin.sm...@gmail.com> wrote: > FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a > "TrustAllTrustStrategy" class and I use this for handling SSL certs. > > import java.security.cert.CertificateException; > import java.security.cert.X509Certificate; > > import org.apache.http.conn.ssl.TrustStrategy; > /** > * When you want to accept all ssl certs, even ones that are not trusted, > use this class implementation of the trust strategy. > */ > public class TrustAllTrustStrategy implements TrustStrategy { > @Override > public boolean isTrusted(X509Certificate[] chain, String authType) throws > CertificateException { > return true; // trust everything like the class name says. > } > } > > When instantiating the HttpClient class, I set TrustAllTrustStrategy as the > TrustStrategy. > > hth, -Ryan > > On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <putm...@georgetown.edu> > wrote: > > > You can set the JSSE system property javax.net.debug to get a lot of > > debug output. It will probably tell you why the handshake fails. Try > > "javax.net.debug=ssl" or "javax.net.debug=all" . You can see all the > > options for that here: > > > > > > > http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug > > > > The output goes to stdout (or stderr, can't remember which). > > > > > > > > On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote: > > > Thanks a lot, Sam Wilson. > > > I'll read it. > > > > > > It's work well on java 8, but not on java 7 =/ > > > From Google Chrome: > > > ``` > > > Your connection to www.trf5.jus.br is encrypted using a modern cipher > > suite. > > > The connection uses TLS 1.2. > > > The connection is encrypted and authenticated using AES_128_GCM and > uses > > > ECDHE_RSA as the key exchange mechanism. > > > ``` > > > > > > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz...@hotmail.com> > > wrote: > > > > > >> There are quite a few documents out there that go over SSL/TLS. Really > > >> depends on what you need to know. Wikipedia might be a good place to > > >> start, and there's always google to find out more. I seem to remember > > >> Mozilla had some decent high level documentation, but I think they've > > >> marked it as out of date. > > >> > > >> What's happening right now is that you can't complete the SSL > handshake > > >> for some reason. StackOverflow has a post about someone having a > similar > > >> problem: http://stackoverflow.com/a/6353956 > > >> > > >> Hope that helps, > > >> Sam > > >> > > >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote: > > >>> I'm a complete noob. Are there resources to help-me understand the > > >> problem. > > >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz...@hotmail.com> > > >> wrote: > > >>>> You can only turn off as much SSL validation as you control. The > > server > > >>>> may also terminate a connection (say, for instance, it requires a > > client > > >>>> SSL certificate.) > > >>>> > > >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote: > > >>>>> But are there a way to disable the `SSL Verification`? > > >>>>> > > >>>>> I just wanna to ignore all SSL Verification. > > >>>>> > > >>>>> Thanks > > >>>>> > > >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels < > > e...@zusammenkunft.net > > >>>>> wrote: > > >>>>> > > >>>>>> The exception you are showing means the server terminated the > > >> handshake > > >>>>>> for some reason. Hard to say why. It might require a client cert > or > > >> does > > >>>>>> not like yout proposed ciphers or ssl protocols. > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> This particular exception seems not related to untrusted > > certificates, > > >>>>>> your different approaches are both valid to accept all certs (ad > > long > > >>>> as it > > >>>>>> understands a common cipher and certificate type) > > >>>>>> > > >>>>>> > > >>>>>> Gruss > > >>>>>> Bernd > > >>>>>> -- > > >>>>>> http://bernd.eckenfels.net > > >>>>>> From Win 10 Mobile > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> *Von: *Robson Roberto Souza Peixoto <robsonpeix...@gmail.com> > > >>>>>> *Gesendet: *Freitag, 8. April 2016 22:16 > > >>>>>> *An: *httpclient-users@hc.apache.org > > >>>>>> *Betreff: *Trust all certificates > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> Hi guys, > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a > > >>>> charm. I > > >>>>>> really in love with HC. > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: > > >> Received > > >>>>>> fatal alert: handshake_failure` when I try to access a page with a > > >>>> invalid > > >>>>>> Certificate. > > >>>>>> > > >>>>>> > > >>>>>> > > >>>>>> I googled a lot and tried all solutions, but no one worked. > > >>>>>> > > >>>>>> Here a gist with my last try: > > >>>>>> > > >>>>>> > > >> > https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25 > > >>>>>> > > >>>>>> > > >>>>>> Are there a easy solution to trust all certificates of all hosts > > with > > >>>> HC? > > >>>>>> > > >>>>>> Thanks > > >>>>>> > > >>>>>> -- > > >>>>>> > > >>>>>> Robson Roberto Souza Peixoto > > >>>>>> > > >>>>>> Robinho > > >>>>>> > > >>>>>> Master in Computer Science, University of Campinas > > >>>>>> > > >>>>>> IRC: robsonpeixoto > > >>>>>> > > >>>>>> Twitter: http://twitter.com/robinhopeixoto > > >>>>>> > > >>>>>> github: https://github.com/robsonpeixoto > > >>>>>> > > >>>>>> > > >>>>>> > > >>>> > --------------------------------------------------------------------- > > >>>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > >>>> For additional commands, e-mail: > httpclient-users-h...@hc.apache.org > > >>>> > > >>>> -- > > >>> Robson Roberto Souza Peixoto > > >>> Robinho > > >>> Master in Computer Science, University of Campinas > > >>> IRC: robsonpeixoto > > >>> Twitter: http://twitter.com/robinhopeixoto > > >>> github: https://github.com/robsonpeixoto > > >>> > > >> > > >> --------------------------------------------------------------------- > > >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org > > >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org > > >> > > >> -- > > > Robson Roberto Souza Peixoto > > > Robinho > > > Master in Computer Science, University of Campinas > > > IRC: robsonpeixoto > > > Twitter: http://twitter.com/robinhopeixoto > > > github: https://github.com/robsonpeixoto > > > > > > > > -- Robson Roberto Souza Peixoto Robinho Master in Computer Science, University of Campinas IRC: robsonpeixoto Twitter: http://twitter.com/robinhopeixoto github: https://github.com/robsonpeixoto