LLL RRR

Reputation: 189

HttpClient 4.4.1 does not support TLS_DHE_RSA_WITH_AES_256_CBC_SHA

I would like to connect to a page and get a response. I have the cert for the server in a file with truststores. Other pages work great, but not host=ebok.duon.pl

I use Java 7 and HttpClient:

    <dependency>
        <groupId>org.apache.httpcomponents</groupId>
        <artifactId>httpclient</artifactId>
        <version>4.4.1</version>
    </dependency>

Exception:

    java.lang.IllegalArgumentException: Cannot support TLS_DHE_RSA_WITH_AES_256_CBC_SHA with currently installed providers
        at sun.security.ssl.CipherSuiteList.<init>(CipherSuiteList.java:92)
        at sun.security.ssl.SSLSocketImpl.setEnabledCipherSuites(SSLSocketImpl.java:2374)
        at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:384)
        at org.apache.http.impl.conn.DefaultHttpClientConnectionOperator.upgrade(DefaultHttpClientConnectionOperator.java:185)
        at org.apache.http.impl.conn.PoolingHttpClientConnectionManager.upgrade(PoolingHttpClientConnectionManager.java:369)
        at org.apache.http.impl.execchain.MainClientExec.establishRoute(MainClientExec.java:415)
        at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:236)
        at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:184)
        at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:88)
        at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:110)
        at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:184)
        at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:117)

I checked on Java 8 but it is the same.

Some code:

    HttpClientContext context = HttpClientContext.create();
    CookieStore cookieStore = new BasicCookieStore();
    context.setCookieStore(cookieStore);

    HttpHost targetHost = new HttpHost(host, 443, "https");

    try {
        SSLContext sslContext = SSLContexts
                .custom()
                .useTLS()
                .build();

        SSLConnectionSocketFactory sslConnectionSocketFactory = new SSLConnectionSocketFactory(
                sslContext,
                new String[]{"TLSv1", "TLSv1.0", "TLSv1.1", "TLSv1.2", "SSLv3"},
                new String[]{"TLS_DHE_RSA_WITH_AES_256_CBC_SHA"},
                null);

        RequestConfig requestConfig = RequestConfig
                .custom()
                .setRedirectsEnabled(false)
                .setConnectTimeout(60000)
                .setConnectionRequestTimeout(10000)
                .setSocketTimeout(60000)
                .build();


        this.httpClient = HttpClientBuilder
                .create()
                .setUserAgent("Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.111 Safari/537.36")
                .setDefaultCookieStore(cookieStore)
                .setDefaultRequestConfig(requestConfig)
                .setSslcontext(sslContext)
                .setSSLSocketFactory(sslConnectionSocketFactory)
                .build();


    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    } catch (KeyManagementException e) {
        e.printStackTrace();
    }

How can I fix or work around this?

Upvotes: 2

Views: 1941

Answers (1)

Dave G

Reputation: 9767

This is not an issue with HttpClient but with the JRE you are running under.

TLS_DHE_RSA_WITH_AES_256_CBC_SHA < That indicates that the server is attempting to negotiate using AES-256/CBC as the cipher mechanism.

If you are running a standard Oracle JRE/JDK, you will be required to install the JCE policy files to enable encryption strength greater than AES 192-bit.

Upvotes: 2
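
A way to check the diagnosis in the answer above on the JRE in question, as an added example (not code from the question or the answer): it reports the AES key-length cap, tests whether the default JSSE provider lists the suite from the exception, and filters a requested suite list down to what the provider supports, so that `setEnabledCipherSuites` is not handed a name it rejects. The class name `CipherSuiteCheck` and the helper `filterSupported` are hypothetical; the second suite in `main` is a constructed sample request.

```java
import java.security.NoSuchAlgorithmException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;

public class CipherSuiteCheck {
    // Suite name taken from the exception in the question.
    static final String SUITE = "TLS_DHE_RSA_WITH_AES_256_CBC_SHA";

    /** True when the installed JCE policy permits AES keys of the given size. */
    static boolean aesKeySizeAllowed(int bits) throws NoSuchAlgorithmException {
        // Integer.MAX_VALUE when the unlimited-strength policy is active,
        // a smaller cap otherwise.
        return Cipher.getMaxAllowedKeyLength("AES") >= bits;
    }

    /** Suites the default JSSE provider can offer on this JRE. */
    static List<String> supportedSuites() throws NoSuchAlgorithmException {
        return Arrays.asList(
                SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites());
    }

    /** Keeps only the requested suites that the provider supports, in request order. */
    static String[] filterSupported(String... wanted) throws NoSuchAlgorithmException {
        List<String> supported = supportedSuites();
        List<String> usable = new ArrayList<String>();
        for (String suite : wanted) {
            if (supported.contains(suite)) {
                usable.add(suite);
            }
        }
        return usable.toArray(new String[usable.size()]);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version       = " + System.getProperty("java.version"));
        System.out.println("max AES key length = " + Cipher.getMaxAllowedKeyLength("AES"));
        System.out.println("AES-256 allowed    = " + aesKeySizeAllowed(256));
        System.out.println("suite supported    = " + supportedSuites().contains(SUITE));

        // Constructed sample request: the suite from the question plus a 128-bit variant.
        String[] usable = filterSupported(SUITE, "TLS_DHE_RSA_WITH_AES_128_CBC_SHA");
        System.out.println("usable suites      = " + Arrays.toString(usable));
        if (usable.length == 0) {
            System.out.println("No requested suite is available; check the JCE policy files.");
        }
    }
}
```

If `AES-256 allowed` prints `false` and the suite is missing from the supported list, the JRE's policy is the limiting factor rather than HttpClient.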
