Reputation: 1661
Could someone help me to spot if there is anything wrong here with my SSLHandshake?
I have a Java client app (using Spring WS security) trying to send data to a server (not in my control) and I've set up the following
Below is my debug SSL handshake log (some parts abbreviated). I can't seem to find any error. Is this something the server side needs to look into? (I'm not sure, they are not sure, hence the reason I'm asking here.)
=====
...
loading bunch of truststore certs..
trigger seeding of SecureRandom
done seeding SecureRandom
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1434719494 bytes = { 99, 87, 115, 11, 185, 203, 150, 154, 249, 227, 214, 17, 102, 68, 224, 171, 37, 125, 178, 169, 216, 111, 32, 118, 22, 231, 1, 135 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
main, WRITE: TLSv1 Handshake, length = 73
main, WRITE: SSLv2 client hello message, length = 98
main, READ: TLSv1 Handshake, length = 1347
*** ServerHello, TLSv1
RandomCookie: GMT: 1434719497 bytes = { 210, 157, 0, 180, 231, 29, 218, 170, 155, 154, 158, 136, 171, 172, 173, 11, 9, 95, 169, 164, 107, 33, 138, 187, 114, 62, 39, 224 }
Session ID: {86, 132, 21, 9, 10, 164, 177, 194, 128, 194, 233, 113, 113, 209, 137, 96, 86, 15, 246, 171, 126, 60, 182, 249, 58, 108, 215, 127, 171, 228, 223, 15}
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
***
%% Created: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
*** Certificate chain
[abbreviated for simplification]...loads
chain[0]
....
....chain[6]
***
Found trusted certificate:
[
[Abbreviated here for simplification]
]
Certificate Extensions: 6
[1]: .... [Abbreviated here for simplification]
[2]: ..... [Abbreviated here for simplification]
[3]: ..... [Abbreviated here for simplification]
[4]: ..... [Abbreviated here for simplification]
[5]: ..... [Abbreviated here for simplification]
[6]: ..... [Abbreviated here for simplification]
*** ServerHelloDone
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
main, WRITE: TLSv1 Handshake, length = 262
SESSION KEYGEN:
PreMaster Secret:
.... [Abbreviated here for simplification]
CONNECTION KEYGEN:
Client Nonce:
.... [Abbreviated here for simplification]
Server Nonce:
.... [Abbreviated here for simplification]
Master Secret:
.... [Abbreviated here for simplification]
Client MAC write Secret:
... [Abbreviated here for simplification]
Server MAC write Secret:
.....[Abbreviated here for simplification]
Client write key:
0000: 26 0E 02 DE 04 67 CF 56 79 17 FA 89 98 A3 D0 75 &....g.Vy......u
Server write key:
0000: 02 3E 5E 9D 7B C4 74 36 74 58 7E 64 D6 FF B4 2D .>^...t6tX.d...-
Client write IV:
0000: 87 7B 42 7D 33 E9 2C E2 50 E8 49 FE 0C C9 FE 37 ..B.3.,.P.I....7
Server write IV:
0000: 4C 35 0F 1C F1 23 9F A3 49 21 5D 58 24 51 8F 9C L5...#..I!]X$Q..
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 127, 65, 162, 165, 117, 87, 61, 139, 47, 253, 84, 93 }
***
main, WRITE: TLSv1 Handshake, length = 48
main, READ: TLSv1 Change Cipher Spec, length = 1
main, READ: TLSv1 Handshake, length = 48
*** Finished
verify_data: { 198, 137, 122, 87, 73, 249, 126, 148, 111, 156, 34, 192 }
***
%% Cached client session: [Session-1, TLS_RSA_WITH_AES_128_CBC_SHA]
main, WRITE: TLSv1 Application Data, length = 416
main, WRITE: TLSv1 Application Data, length = 9520
main, READ: TLSv1 Application Data, length = 192
main, called close()
main, called closeInternal(true)
main, SEND TLSv1 ALERT: warning, description = close_notify
main, WRITE: TLSv1 Alert, length = 32
org.springframework.ws.client.WebServiceTransportException: Forbidden [403]
Upvotes: 1
Views: 5252
Reputation: 311023
SSL error 403
On the contrary. There is no SSL error here. 403 is an HTTP error code, and the fact that you received it indicates that your SSL setup is working perfectly.
403 means 'Forbidden', which means you're using a URL you've denied client access to under some or possibly all circumstances. Only you know what they are.
Upvotes: 2
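The layer distinction drawn in the answer, as an added example that is not part of the original posts: a Python triage of `javax.net.debug` output that reports whether the failure is in the TLS handshake or in the HTTP exchange carried inside it. It goes slightly further and lists the RC4, single-DES and export-grade suites the ClientHello offers. The sample log is a shortened, constructed copy of the question's trace; the function name `triage` and the weak-suite pattern are assumptions of this example.

```python
import re

# Constructed sample: a shortened copy of the javax.net.debug trace from the question.
SAMPLE_LOG = """\
*** ClientHello, TLSv1
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, TLS_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA]
*** ServerHello, TLSv1
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
main, WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, READ: TLSv1 Change Cipher Spec, length = 1
*** Finished
main, WRITE: TLSv1 Application Data, length = 416
main, READ: TLSv1 Application Data, length = 192
main, SEND TLSv1 ALERT: warning, description = close_notify
org.springframework.ws.client.WebServiceTransportException: Forbidden [403]
"""

# Suites in the ClientHello worth disabling on the client: RC4, single DES, export-grade.
WEAK_SUITE = re.compile(r"_RC4_|_DES_|_DES40_|_EXPORT_")

def triage(log):
    """Decide which layer failed: the TLS handshake or the HTTP exchange inside it."""
    lines = [line.strip() for line in log.splitlines()]
    offered = []
    negotiated = None
    for line in lines:
        if line.startswith("Cipher Suites:"):
            offered = [s.strip() for s in line.split(":", 1)[1].strip(" []").split(",")]
        elif line.startswith("Cipher Suite:"):
            negotiated = line.split(":", 1)[1].strip()
    # A complete handshake logs two Finished messages: one sent, one received.
    finished = sum(line == "*** Finished" for line in lines)
    fatal_alert = any(re.search(r"ALERT:\s+fatal", line) for line in lines)
    app_data_read = any("READ:" in line and "Application Data" in line for line in lines)
    status = re.search(r"WebServiceTransportException: .*\[(\d{3})\]", log)
    http_status = int(status.group(1)) if status else None

    if fatal_alert or finished < 2:
        layer = "tls"    # handshake never completed: look at certificates, protocol, suites
    elif app_data_read and http_status is not None and http_status >= 400:
        layer = "http"   # encrypted data flowed both ways: the server application refused
    else:
        layer = "none"
    return {"failed_layer": layer, "http_status": http_status, "negotiated": negotiated,
            "weak_offered": [s for s in offered if WEAK_SUITE.search(s)]}
```

For the question's trace the result points at the HTTP layer, so the next place to look is the server's authorization decision for that URL rather than the keystore or truststore.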