SSL Handshake failures with client and server

Question

So I'm building a client on Python and a server on Java to communicate and transfer files and strings. I'm thinking that the first thing I would have to do (besides connect the Server and Client) is complete the SSL Handshake. The following is my Python client code and Java server code that I have implemented:

Python Client Code

import socket
import ssl
import struct
import io
import threading
import optparse
import os
import sys

HOST = "localhost"
PORT = 777
ADDR = (HOST,PORT)




def sock_connection():
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    time.sleep(1)
    ssl_sock = ssl.wrap_socket(sock)
    try:
        time.sleep(1)
        ssl_sock.connect(ADDR)
        print('CONNECTED!')
    except socket.error as e:
        print('ERROR', e)
        exit(1)
    return ssl_sock

def main():
    sock_connection()

main()

Java Server code:

import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map.Entry;
import java.io.BufferedReader;
import java.io.InputStream;
import java.io.InputStreamReader;

import javax.net.ssl.SSLServerSocket;
import javax.net.ssl.SSLServerSocketFactory;
import javax.net.ssl.SSLSocket;



  public 
  class Server {
    private static final int PORT = 777;

   public
            static
    void
            main(String[] arstring) {
        try {
            SSLServerSocketFactory sslserversocketfactory =
                    (SSLServerSocketFactory) SSLServerSocketFactory.getDefault();
            SSLServerSocket sslserversocket =
                    (SSLServerSocket) sslserversocketfactory.createServerSocket(PORT);
            SSLSocket sslsocket = (SSLSocket) sslserversocket.accept();

            InputStream inputstream = sslsocket.getInputStream();
            InputStreamReader inputstreamreader = new InputStreamReader(inputstream);
            BufferedReader bufferedreader = new BufferedReader(inputstreamreader);

            String string = null;
            while ((string = bufferedreader.readLine()) != null) {
                System.out.println(string);
                System.out.flush();
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        }
    }
}

I normally run the Server first, which runs fine, then i run the client and i receive the following error in the server terminal:

javax.net.ssl.SSLHandshakeException: no cipher suits in common

And the following in python:

ERROR [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:645)

Any and all help would be greatly appreciated.

Thanks

Answer 1

SSLV3 has been deprecated due to security weaknesses. Your client is trying to use the SSLV3 protocol while the server doesn't even recognise it.

You can either :

• Set up the server to allow SSLV3 (not what I would recommend)
• Configure your socket in your python client to explicitly not use any protocol based on SSLV3. You can use instead TLS. You usually want to do that by overriding the SocketFactory used.

In the Java world, we have this problem when using a client in java 1.6. Java 1.7 has removed the default use of SSLV3Hello.

Answer 2

javax.net.ssl.SSLHandshakeException: no cipher suits in common

This means that the server supports only ciphers the client does not support, i.e. no overlap and thus no common cipher which can be used for authentication and encryption.

Given the source code of your server my guess is that you've missed to setup the certificate the server should use. In this case only anonymous authentication can be done and the ciphers for this are usually not enabled in SSL clients (and also not in the browser).