Re: Trust all certificates

2016-04-22 Thread Robson Roberto Souza Peixoto
Thanks all for the attention.

The AES_128_GCM was implemented only on java 8.
The list of ciphers and the jvm version are here:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites

I have upgraded to java8 and everything are working like charm.

Again, Thanks a lot!

On Sat, Apr 9, 2016 at 8:01 AM R Smith  wrote:

> FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a
> "TrustAllTrustStrategy" class and I use this for handling SSL certs.
>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
>
> import org.apache.http.conn.ssl.TrustStrategy;
> /**
>  * When you want to accept all ssl certs, even ones that are not trusted,
> use this class implementation of the trust strategy.
>  */
> public class TrustAllTrustStrategy implements TrustStrategy {
> @Override
> public boolean isTrusted(X509Certificate[] chain, String authType) throws
> CertificateException {
> return true; // trust everything like the class name says.
> }
> }
>
> When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
> TrustStrategy.
>
> hth, -Ryan
>
> On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman 
> wrote:
>
> > You can set the JSSE system property javax.net.debug to get a lot of
> > debug output.  It will probably tell you why the handshake fails.  Try
> > "javax.net.debug=ssl" or "javax.net.debug=all" .   You can see all the
> > options for that here:
> >
> >
> >
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
> >
> > The output goes to stdout (or stderr, can't remember which).
> >
> >
> >
> > On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > > Thanks a lot, Sam Wilson.
> > > I'll read it.
> > >
> > > It's work well on java 8, but not on java 7 =/
> > > From Google Chrome:
> > > ```
> > > Your connection to www.trf5.jus.br is encrypted using a modern cipher
> > suite.
> > > The connection uses TLS 1.2.
> > > The connection is encrypted and authenticated using AES_128_GCM and
> uses
> > > ECDHE_RSA as the key exchange mechanism.
> > > ```
> > >
> > > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson 
> > wrote:
> > >
> > >> There are quite a few documents out there that go over SSL/TLS. Really
> > >> depends on what you need to know. Wikipedia might be a good place to
> > >> start, and there's always google to find out more. I seem to remember
> > >> Mozilla had some decent high level documentation, but I think they've
> > >> marked it as out of date.
> > >>
> > >> What's happening right now is that you can't complete the SSL
> handshake
> > >> for some reason. StackOverflow has a post about someone having a
> similar
> > >> problem: http://stackoverflow.com/a/6353956
> > >>
> > >> Hope that helps,
> > >> Sam
> > >>
> > >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > >>> I'm a complete noob. Are there resources to help-me understand the
> > >> problem.
> > >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson 
> > >> wrote:
> >  You can only turn off as much SSL validation as you control. The
> > server
> >  may also terminate a connection (say, for instance, it requires a
> > client
> >  SSL certificate.)
> > 
> >  On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > > But are there a way to disable the `SSL Verification`?
> > >
> > > I just wanna to ignore all SSL Verification.
> > >
> > > Thanks
> > >
> > > On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <
> > e...@zusammenkunft.net
> > > wrote:
> > >
> > >> The exception you are showing means the server terminated the
> > >> handshake
> > >> for some reason. Hard to say why. It might require a client cert
> or
> > >> does
> > >> not like yout proposed ciphers or ssl protocols.
> > >>
> > >>
> > >>
> > >> This particular exception seems not related to untrusted
> > certificates,
> > >> your different approaches are both valid to accept all certs (ad
> > long
> >  as it
> > >> understands a common cipher and certificate type)
> > >>
> > >>
> > >> Gruss
> > >> Bernd
> > >> --
> > >> http://bernd.eckenfels.net
> > >>   From Win 10 Mobile
> > >>
> > >>
> > >>
> > >> *Von: *Robson Roberto Souza Peixoto 
> > >> *Gesendet: *Freitag, 8. April 2016 22:16
> > >> *An: *httpclient-users@hc.apache.org
> > >> *Betreff: *Trust all certificates
> > >>
> > >>
> > >>
> > >> Hi guys,
> > >>
> > >>
> > >>
> > >> I'm using the HC to crawler a lot of sites =D. It's working like a
> >  charm. I
> > >> really in love with HC.
> > >>
> > >>
> > >>
> > >> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> > >> Received
> > >> fatal alert: handshake_failure` when I try to access 

Re: Trust all certificates

2016-04-09 Thread R Smith
FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a
"TrustAllTrustStrategy" class and I use this for handling SSL certs.

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import org.apache.http.conn.ssl.TrustStrategy;
/**
 * When you want to accept all ssl certs, even ones that are not trusted,
use this class implementation of the trust strategy.
 */
public class TrustAllTrustStrategy implements TrustStrategy {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws
CertificateException {
return true; // trust everything like the class name says.
}
}

When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
TrustStrategy.

hth, -Ryan

On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman 
wrote:

> You can set the JSSE system property javax.net.debug to get a lot of
> debug output.  It will probably tell you why the handshake fails.  Try
> "javax.net.debug=ssl" or "javax.net.debug=all" .   You can see all the
> options for that here:
>
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
>
> The output goes to stdout (or stderr, can't remember which).
>
>
>
> On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > Thanks a lot, Sam Wilson.
> > I'll read it.
> >
> > It's work well on java 8, but not on java 7 =/
> > From Google Chrome:
> > ```
> > Your connection to www.trf5.jus.br is encrypted using a modern cipher
> suite.
> > The connection uses TLS 1.2.
> > The connection is encrypted and authenticated using AES_128_GCM and uses
> > ECDHE_RSA as the key exchange mechanism.
> > ```
> >
> > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson 
> wrote:
> >
> >> There are quite a few documents out there that go over SSL/TLS. Really
> >> depends on what you need to know. Wikipedia might be a good place to
> >> start, and there's always google to find out more. I seem to remember
> >> Mozilla had some decent high level documentation, but I think they've
> >> marked it as out of date.
> >>
> >> What's happening right now is that you can't complete the SSL handshake
> >> for some reason. StackOverflow has a post about someone having a similar
> >> problem: http://stackoverflow.com/a/6353956
> >>
> >> Hope that helps,
> >> Sam
> >>
> >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> >>> I'm a complete noob. Are there resources to help-me understand the
> >> problem.
> >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson 
> >> wrote:
>  You can only turn off as much SSL validation as you control. The
> server
>  may also terminate a connection (say, for instance, it requires a
> client
>  SSL certificate.)
> 
>  On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > But are there a way to disable the `SSL Verification`?
> >
> > I just wanna to ignore all SSL Verification.
> >
> > Thanks
> >
> > On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <
> e...@zusammenkunft.net
> > wrote:
> >
> >> The exception you are showing means the server terminated the
> >> handshake
> >> for some reason. Hard to say why. It might require a client cert or
> >> does
> >> not like yout proposed ciphers or ssl protocols.
> >>
> >>
> >>
> >> This particular exception seems not related to untrusted
> certificates,
> >> your different approaches are both valid to accept all certs (ad
> long
>  as it
> >> understands a common cipher and certificate type)
> >>
> >>
> >> Gruss
> >> Bernd
> >> --
> >> http://bernd.eckenfels.net
> >>   From Win 10 Mobile
> >>
> >>
> >>
> >> *Von: *Robson Roberto Souza Peixoto 
> >> *Gesendet: *Freitag, 8. April 2016 22:16
> >> *An: *httpclient-users@hc.apache.org
> >> *Betreff: *Trust all certificates
> >>
> >>
> >>
> >> Hi guys,
> >>
> >>
> >>
> >> I'm using the HC to crawler a lot of sites =D. It's working like a
>  charm. I
> >> really in love with HC.
> >>
> >>
> >>
> >> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> >> Received
> >> fatal alert: handshake_failure` when I try to access a page with a
>  invalid
> >> Certificate.
> >>
> >>
> >>
> >> I googled a lot and tried all solutions, but no one worked.
> >>
> >> Here a gist with my last try:
> >>
> >>
> >> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>
> >>
> >> Are there a easy solution to trust all certificates of all hosts
> with
>  HC?
> >>
> >> Thanks
> >>
> >> --
> >>
> >> Robson Roberto Souza Peixoto
> >>
> >> Robinho
> >>
> >> Master in Computer Science, University of Campinas
> >>
> >> IRC: robsonpeixoto
> >>
> >> Twitter: 

Re: Trust all certificates

2016-04-08 Thread Brent Putman
You can set the JSSE system property javax.net.debug to get a lot of
debug output.  It will probably tell you why the handshake fails.  Try
"javax.net.debug=ssl" or "javax.net.debug=all" .   You can see all the
options for that here:

http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug

The output goes to stdout (or stderr, can't remember which).



On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> Thanks a lot, Sam Wilson.
> I'll read it.
>
> It's work well on java 8, but not on java 7 =/
> From Google Chrome:
> ```
> Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
> The connection uses TLS 1.2.
> The connection is encrypted and authenticated using AES_128_GCM and uses
> ECDHE_RSA as the key exchange mechanism.
> ```
>
> On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson  wrote:
>
>> There are quite a few documents out there that go over SSL/TLS. Really
>> depends on what you need to know. Wikipedia might be a good place to
>> start, and there's always google to find out more. I seem to remember
>> Mozilla had some decent high level documentation, but I think they've
>> marked it as out of date.
>>
>> What's happening right now is that you can't complete the SSL handshake
>> for some reason. StackOverflow has a post about someone having a similar
>> problem: http://stackoverflow.com/a/6353956
>>
>> Hope that helps,
>> Sam
>>
>> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
>>> I'm a complete noob. Are there resources to help-me understand the
>> problem.
>>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson 
>> wrote:
 You can only turn off as much SSL validation as you control. The server
 may also terminate a connection (say, for instance, it requires a client
 SSL certificate.)

 On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> But are there a way to disable the `SSL Verification`?
>
> I just wanna to ignore all SSL Verification.
>
> Thanks
>
> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels  wrote:
>
>> The exception you are showing means the server terminated the
>> handshake
>> for some reason. Hard to say why. It might require a client cert or
>> does
>> not like yout proposed ciphers or ssl protocols.
>>
>>
>>
>> This particular exception seems not related to untrusted certificates,
>> your different approaches are both valid to accept all certs (ad long
 as it
>> understands a common cipher and certificate type)
>>
>>
>> Gruss
>> Bernd
>> --
>> http://bernd.eckenfels.net
>>   From Win 10 Mobile
>>
>>
>>
>> *Von: *Robson Roberto Souza Peixoto 
>> *Gesendet: *Freitag, 8. April 2016 22:16
>> *An: *httpclient-users@hc.apache.org
>> *Betreff: *Trust all certificates
>>
>>
>>
>> Hi guys,
>>
>>
>>
>> I'm using the HC to crawler a lot of sites =D. It's working like a
 charm. I
>> really in love with HC.
>>
>>
>>
>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
>> Received
>> fatal alert: handshake_failure` when I try to access a page with a
 invalid
>> Certificate.
>>
>>
>>
>> I googled a lot and tried all solutions, but no one worked.
>>
>> Here a gist with my last try:
>>
>>
>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>>
>>
>> Are there a easy solution to trust all certificates of all hosts with
 HC?
>>
>> Thanks
>>
>> --
>>
>> Robson Roberto Souza Peixoto
>>
>> Robinho
>>
>> Master in Computer Science, University of Campinas
>>
>> IRC: robsonpeixoto
>>
>> Twitter: http://twitter.com/robinhopeixoto
>>
>> github: https://github.com/robsonpeixoto
>>
>>
>>
 -
 To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
 For additional commands, e-mail: httpclient-users-h...@hc.apache.org

 --
>>> Robson Roberto Souza Peixoto
>>> Robinho
>>> Master in Computer Science, University of Campinas
>>> IRC: robsonpeixoto
>>> Twitter: http://twitter.com/robinhopeixoto
>>> github: https://github.com/robsonpeixoto
>>>
>>
>> -
>> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
>> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>>
>> --
> Robson Roberto Souza Peixoto
> Robinho
> Master in Computer Science, University of Campinas
> IRC: robsonpeixoto
> Twitter: http://twitter.com/robinhopeixoto
> github: https://github.com/robsonpeixoto
>



Re: Trust all certificates

2016-04-08 Thread Bernd Eckenfels
Hello,

I suspect it is a problem with too short DH keys offered by Java 7
clients. You can try to turn TLS_DHE_* ciphers off.

According to SSL Labs it does also support ECDHE which should then work
fine.

https://www.ssllabs.com/ssltest/analyze.html?d=www.trf5.jus.br=189.39.123.181

Gruss
Bernd



Am Fri, 08 Apr 2016 23:29:42 +
schrieb Robson Roberto Souza Peixoto :

> It's work well on java 8, but not on java 7 =/

-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org



Re: Trust all certificates

2016-04-08 Thread Robson Roberto Souza Peixoto
Thanks a lot, Sam Wilson.
I'll read it.

It's work well on java 8, but not on java 7 =/
>From Google Chrome:
```
Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses
ECDHE_RSA as the key exchange mechanism.
```

On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson  wrote:

> There are quite a few documents out there that go over SSL/TLS. Really
> depends on what you need to know. Wikipedia might be a good place to
> start, and there's always google to find out more. I seem to remember
> Mozilla had some decent high level documentation, but I think they've
> marked it as out of date.
>
> What's happening right now is that you can't complete the SSL handshake
> for some reason. StackOverflow has a post about someone having a similar
> problem: http://stackoverflow.com/a/6353956
>
> Hope that helps,
> Sam
>
> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > I'm a complete noob. Are there resources to help-me understand the
> problem.
> >
> > On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson 
> wrote:
> >
> >> You can only turn off as much SSL validation as you control. The server
> >> may also terminate a connection (say, for instance, it requires a client
> >> SSL certificate.)
> >>
> >> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>> But are there a way to disable the `SSL Verification`?
> >>>
> >>> I just wanna to ignore all SSL Verification.
> >>>
> >>> Thanks
> >>>
> >>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels  >
> >>> wrote:
> >>>
>  The exception you are showing means the server terminated the
> handshake
>  for some reason. Hard to say why. It might require a client cert or
> does
>  not like yout proposed ciphers or ssl protocols.
> 
> 
> 
>  This particular exception seems not related to untrusted certificates,
>  your different approaches are both valid to accept all certs (ad long
> >> as it
>  understands a common cipher and certificate type)
> 
> 
>  Gruss
>  Bernd
>  --
>  http://bernd.eckenfels.net
>    From Win 10 Mobile
> 
> 
> 
>  *Von: *Robson Roberto Souza Peixoto 
>  *Gesendet: *Freitag, 8. April 2016 22:16
>  *An: *httpclient-users@hc.apache.org
>  *Betreff: *Trust all certificates
> 
> 
> 
>  Hi guys,
> 
> 
> 
>  I'm using the HC to crawler a lot of sites =D. It's working like a
> >> charm. I
>  really in love with HC.
> 
> 
> 
>  But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> Received
> 
>  fatal alert: handshake_failure` when I try to access a page with a
> >> invalid
>  Certificate.
> 
> 
> 
>  I googled a lot and tried all solutions, but no one worked.
> 
>  Here a gist with my last try:
> 
> 
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> 
> 
> 
>  Are there a easy solution to trust all certificates of all hosts with
> >> HC?
> 
> 
>  Thanks
> 
>  --
> 
>  Robson Roberto Souza Peixoto
> 
>  Robinho
> 
>  Master in Computer Science, University of Campinas
> 
>  IRC: robsonpeixoto
> 
>  Twitter: http://twitter.com/robinhopeixoto
> 
>  github: https://github.com/robsonpeixoto
> 
> 
> 
> >>
> >> -
> >> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
> >>
> >> --
> > Robson Roberto Souza Peixoto
> > Robinho
> > Master in Computer Science, University of Campinas
> > IRC: robsonpeixoto
> > Twitter: http://twitter.com/robinhopeixoto
> > github: https://github.com/robsonpeixoto
> >
>
>
> -
> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>
> --
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto


Re: Trust all certificates

2016-04-08 Thread Sam Wilson
There are quite a few documents out there that go over SSL/TLS. Really 
depends on what you need to know. Wikipedia might be a good place to 
start, and there's always google to find out more. I seem to remember 
Mozilla had some decent high level documentation, but I think they've 
marked it as out of date.


What's happening right now is that you can't complete the SSL handshake 
for some reason. StackOverflow has a post about someone having a similar 
problem: http://stackoverflow.com/a/6353956


Hope that helps,
Sam

On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:

I'm a complete noob. Are there resources to help-me understand the problem.

On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson  wrote:


You can only turn off as much SSL validation as you control. The server
may also terminate a connection (say, for instance, it requires a client
SSL certificate.)

On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:

But are there a way to disable the `SSL Verification`?

I just wanna to ignore all SSL Verification.

Thanks

On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels 
wrote:


The exception you are showing means the server terminated the handshake
for some reason. Hard to say why. It might require a client cert or does
not like yout proposed ciphers or ssl protocols.



This particular exception seems not related to untrusted certificates,
your different approaches are both valid to accept all certs (ad long

as it

understands a common cipher and certificate type)


Gruss
Bernd
--
http://bernd.eckenfels.net
  From Win 10 Mobile



*Von: *Robson Roberto Souza Peixoto 
*Gesendet: *Freitag, 8. April 2016 22:16
*An: *httpclient-users@hc.apache.org
*Betreff: *Trust all certificates



Hi guys,



I'm using the HC to crawler a lot of sites =D. It's working like a

charm. I

really in love with HC.



But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received

fatal alert: handshake_failure` when I try to access a page with a

invalid

Certificate.



I googled a lot and tried all solutions, but no one worked.

Here a gist with my last try:

https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25



Are there a easy solution to trust all certificates of all hosts with

HC?



Thanks

--

Robson Roberto Souza Peixoto

Robinho

Master in Computer Science, University of Campinas

IRC: robsonpeixoto

Twitter: http://twitter.com/robinhopeixoto

github: https://github.com/robsonpeixoto





-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org

--

Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto




-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org



Re: Trust all certificates

2016-04-08 Thread Robson Roberto Souza Peixoto
I'm a complete noob. Are there resources to help-me understand the problem.

On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson  wrote:

> You can only turn off as much SSL validation as you control. The server
> may also terminate a connection (say, for instance, it requires a client
> SSL certificate.)
>
> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > But are there a way to disable the `SSL Verification`?
> >
> > I just wanna to ignore all SSL Verification.
> >
> > Thanks
> >
> > On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels 
> > wrote:
> >
> >> The exception you are showing means the server terminated the handshake
> >> for some reason. Hard to say why. It might require a client cert or does
> >> not like yout proposed ciphers or ssl protocols.
> >>
> >>
> >>
> >> This particular exception seems not related to untrusted certificates,
> >> your different approaches are both valid to accept all certs (ad long
> as it
> >> understands a common cipher and certificate type)
> >>
> >>
> >> Gruss
> >> Bernd
> >> --
> >> http://bernd.eckenfels.net
> >>  From Win 10 Mobile
> >>
> >>
> >>
> >> *Von: *Robson Roberto Souza Peixoto 
> >> *Gesendet: *Freitag, 8. April 2016 22:16
> >> *An: *httpclient-users@hc.apache.org
> >> *Betreff: *Trust all certificates
> >>
> >>
> >>
> >> Hi guys,
> >>
> >>
> >>
> >> I'm using the HC to crawler a lot of sites =D. It's working like a
> charm. I
> >>
> >> really in love with HC.
> >>
> >>
> >>
> >> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
> >>
> >> fatal alert: handshake_failure` when I try to access a page with a
> invalid
> >>
> >> Certificate.
> >>
> >>
> >>
> >> I googled a lot and tried all solutions, but no one worked.
> >>
> >> Here a gist with my last try:
> >>
> >> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>
> >>
> >>
> >> Are there a easy solution to trust all certificates of all hosts with
> HC?
> >>
> >>
> >>
> >> Thanks
> >>
> >> --
> >>
> >> Robson Roberto Souza Peixoto
> >>
> >> Robinho
> >>
> >> Master in Computer Science, University of Campinas
> >>
> >> IRC: robsonpeixoto
> >>
> >> Twitter: http://twitter.com/robinhopeixoto
> >>
> >> github: https://github.com/robsonpeixoto
> >>
> >>
> >>
>
>
> -
> To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
> For additional commands, e-mail: httpclient-users-h...@hc.apache.org
>
> --
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto


Re: Trust all certificates

2016-04-08 Thread Sam Wilson
You can only turn off as much SSL validation as you control. The server 
may also terminate a connection (say, for instance, it requires a client 
SSL certificate.)


On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:

But are there a way to disable the `SSL Verification`?

I just wanna to ignore all SSL Verification.

Thanks

On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels 
wrote:


The exception you are showing means the server terminated the handshake
for some reason. Hard to say why. It might require a client cert or does
not like yout proposed ciphers or ssl protocols.



This particular exception seems not related to untrusted certificates,
your different approaches are both valid to accept all certs (ad long as it
understands a common cipher and certificate type)


Gruss
Bernd
--
http://bernd.eckenfels.net
 From Win 10 Mobile



*Von: *Robson Roberto Souza Peixoto 
*Gesendet: *Freitag, 8. April 2016 22:16
*An: *httpclient-users@hc.apache.org
*Betreff: *Trust all certificates



Hi guys,



I'm using the HC to crawler a lot of sites =D. It's working like a charm. I

really in love with HC.



But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received

fatal alert: handshake_failure` when I try to access a page with a invalid

Certificate.



I googled a lot and tried all solutions, but no one worked.

Here a gist with my last try:

https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25



Are there a easy solution to trust all certificates of all hosts with HC?



Thanks

--

Robson Roberto Souza Peixoto

Robinho

Master in Computer Science, University of Campinas

IRC: robsonpeixoto

Twitter: http://twitter.com/robinhopeixoto

github: https://github.com/robsonpeixoto






-
To unsubscribe, e-mail: httpclient-users-unsubscr...@hc.apache.org
For additional commands, e-mail: httpclient-users-h...@hc.apache.org



Re: Trust all certificates

2016-04-08 Thread Robson Roberto Souza Peixoto
But are there a way to disable the `SSL Verification`?

I just wanna to ignore all SSL Verification.

Thanks

On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels 
wrote:

> The exception you are showing means the server terminated the handshake
> for some reason. Hard to say why. It might require a client cert or does
> not like yout proposed ciphers or ssl protocols.
>
>
>
> This particular exception seems not related to untrusted certificates,
> your different approaches are both valid to accept all certs (ad long as it
> understands a common cipher and certificate type)
>
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> From Win 10 Mobile
>
>
>
> *Von: *Robson Roberto Souza Peixoto 
> *Gesendet: *Freitag, 8. April 2016 22:16
> *An: *httpclient-users@hc.apache.org
> *Betreff: *Trust all certificates
>
>
>
> Hi guys,
>
>
>
> I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
>
> really in love with HC.
>
>
>
> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
>
> fatal alert: handshake_failure` when I try to access a page with a invalid
>
> Certificate.
>
>
>
> I googled a lot and tried all solutions, but no one worked.
>
> Here a gist with my last try:
>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>
>
>
> Are there a easy solution to trust all certificates of all hosts with HC?
>
>
>
> Thanks
>
> --
>
> Robson Roberto Souza Peixoto
>
> Robinho
>
> Master in Computer Science, University of Campinas
>
> IRC: robsonpeixoto
>
> Twitter: http://twitter.com/robinhopeixoto
>
> github: https://github.com/robsonpeixoto
>
>
>
-- 
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto


Re: Trust all certificates

2016-04-08 Thread Bernd Eckenfels
The exception you are showing means the server terminated the handshake for 
some reason. Hard to say why. It might require a client cert or does not like 
yout proposed ciphers or ssl protocols.

This particular exception seems not related to untrusted certificates, your 
different approaches are both valid to accept all certs (ad long as it 
understands a common cipher and certificate type)

Gruss
Bernd
-- 
http://bernd.eckenfels.net
>From Win 10 Mobile

Von: Robson Roberto Souza Peixoto
Gesendet: Freitag, 8. April 2016 22:16
An: httpclient-users@hc.apache.org
Betreff: Trust all certificates

Hi guys,

I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
really in love with HC.

But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure` when I try to access a page with a invalid
Certificate.

I googled a lot and tried all solutions, but no one worked.
Here a gist with my last try:
https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25

Are there a easy solution to trust all certificates of all hosts with HC?

Thanks
-- 
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto