Re: Trust all certificates

Fri, 22 Apr 2016 03:52:08 -0700 

Thanks all for the attention.

The AES_128_GCM was implemented only on java 8.
The list of ciphers and the jvm version are here:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites

I have upgraded to java8 and everything are working like charm.

Again, Thanks a lot!

On Sat, Apr 9, 2016 at 8:01 AM R Smith <ryan.justin.sm...@gmail.com> wrote:

> FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a
> "TrustAllTrustStrategy" class and I use this for handling SSL certs.
>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
>
> import org.apache.http.conn.ssl.TrustStrategy;
> /**
>  * When you want to accept all ssl certs, even ones that are not trusted,
> use this class implementation of the trust strategy.
>  */
> public class TrustAllTrustStrategy implements TrustStrategy {
> @Override
> public boolean isTrusted(X509Certificate[] chain, String authType) throws
> CertificateException {
> return true; // trust everything like the class name says.
> }
> }
>
> When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
> TrustStrategy.
>
> hth, -Ryan
>
> On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <putm...@georgetown.edu>
> wrote:
>
> > You can set the JSSE system property javax.net.debug to get a lot of
> > debug output.  It will probably tell you why the handshake fails.  Try
> > "javax.net.debug=ssl" or "javax.net.debug=all" .   You can see all the
> > options for that here:
> >
> >
> >
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
> >
> > The output goes to stdout (or stderr, can't remember which).
> >
> >
> >
> > On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > > Thanks a lot, Sam Wilson.
> > > I'll read it.
> > >
> > > It's work well on java 8, but not on java 7 =/
> > > From Google Chrome:
> > > ```
> > > Your connection to www.trf5.jus.br is encrypted using a modern cipher
> > suite.
> > > The connection uses TLS 1.2.
> > > The connection is encrypted and authenticated using AES_128_GCM and
> uses
> > > ECDHE_RSA as the key exchange mechanism.
> > > ```
> > >
> > > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <tecywiz...@hotmail.com>
> > wrote:
> > >
> > >> There are quite a few documents out there that go over SSL/TLS. Really
> > >> depends on what you need to know. Wikipedia might be a good place to
> > >> start, and there's always google to find out more. I seem to remember
> > >> Mozilla had some decent high level documentation, but I think they've
> > >> marked it as out of date.
> > >>
> > >> What's happening right now is that you can't complete the SSL
> handshake
> > >> for some reason. StackOverflow has a post about someone having a
> similar
> > >> problem: http://stackoverflow.com/a/6353956
> > >>
> > >> Hope that helps,
> > >> Sam
> > >>
> > >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > >>> I'm a complete noob. Are there resources to help-me understand the
> > >> problem.
> > >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <tecywiz...@hotmail.com>
> > >> wrote:
> > >>>> You can only turn off as much SSL validation as you control. The
> > server
> > >>>> may also terminate a connection (say, for instance, it requires a
> > client
> > >>>> SSL certificate.)
> > >>>>
> > >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > >>>>> But are there a way to disable the `SSL Verification`?
> > >>>>>
> > >>>>> I just wanna to ignore all SSL Verification.
> > >>>>>
> > >>>>> Thanks
> > >>>>>
> > >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <
> > e...@zusammenkunft.net
> > >>>>> wrote:
> > >>>>>
> > >>>>>> The exception you are showing means the server terminated the
> > >> handshake
> > >>>>>> for some reason. Hard to say why. It might require a client cert
> or
> > >> does
> > >>>>>> not like yout proposed ciphers or ssl protocols.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> This particular exception seems not related to untrusted
> > certificates,
> > >>>>>> your different approaches are both valid to accept all certs (ad
> > long
> > >>>> as it
> > >>>>>> understands a common cipher and certificate type)
> > >>>>>>
> > >>>>>>
> > >>>>>> Gruss
> > >>>>>> Bernd
> > >>>>>> --
> > >>>>>> http://bernd.eckenfels.net
> > >>>>>>   From Win 10 Mobile
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> *Von: *Robson Roberto Souza Peixoto <robsonpeix...@gmail.com>
> > >>>>>> *Gesendet: *Freitag, 8. April 2016 22:16
> > >>>>>> *An: *httpclient-users@hc.apache.org
> > >>>>>> *Betreff: *Trust all certificates
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> Hi guys,
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a
> > >>>> charm. I
> > >>>>>> really in love with HC.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> > >> Received
> > >>>>>> fatal alert: handshake_failure` when I try to access a page with a
> > >>>> invalid
> > >>>>>> Certificate.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> I googled a lot and tried all solutions, but no one worked.
> > >>>>>>
> > >>>>>> Here a gist with my last try:
> > >>>>>>
> > >>>>>>
> > >>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> > >>>>>>
> > >>>>>>
> > >>>>>> Are there a easy solution to trust all certificates of all hosts
> > with
> > >>>> HC?
> > >>>>>>
> > >>>>>> Thanks
> > >>>>>>
> > >>>>>> --
> > >>>>>>
> > >>>>>> Robson Roberto Souza Peixoto
> > >>>>>>
> > >>>>>> Robinho
> > >>>>>>
> > >>>>>> Master in Computer Science, University of Campinas
> > >>>>>>
> > >>>>>> IRC: robsonpeixoto
> > >>>>>>
> > >>>>>> Twitter: http://twitter.com/robinhopeixoto
> > >>>>>>
> > >>>>>> github: https://github.com/robsonpeixoto
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> > >>>> For additional commands, e-mail:
> httpclient-users-h...@hc.apache.org
> > >>>>
> > >>>> --
> > >>> Robson Roberto Souza Peixoto
> > >>> Robinho
> > >>> Master in Computer Science, University of Campinas
> > >>> IRC: robsonpeixoto
> > >>> Twitter: http://twitter.com/robinhopeixoto
> > >>> github: https://github.com/robsonpeixoto
> > >>>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> > >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
> > >>
> > >> --
> > > Robson Roberto Souza Peixoto
> > > Robinho
> > > Master in Computer Science, University of Campinas
> > > IRC: robsonpeixoto
> > > Twitter: http://twitter.com/robinhopeixoto
> > > github: https://github.com/robsonpeixoto
> > >
> >
> >
>
-- 
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto

Reply via email to