fiddle
Reputation: 1164
Issue validating self signed certificate: handshake_failure received
I am using quickfix to validate server's certificate and get fatal handshake_failure.
This is how it looks to me:
Initial handshake is initiated
The client connects.
The server accepts.
A TLS handshake occurs during which:
o Cipher suites are successfully negotiated.
o The client verifies the server certificate
o The server arbitrarily closes the socket.( SEND TLSv1 ALERT: warning, description = close_notify <-- This however looks like a clean closure.)
o The client is left hanging
Can someone take a look at it. Please.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring disabled protocol: SSLv3
%% No cached client session
..
..
*** ClientHello, TLSv1
RandomCookie: GMT: 1468991703 bytes = { 167, 140, 147, 81, 176, 169, 230, 45, 229, 147, 246, 106, 201, 127, 79, 194, 88, 63, 1, 91, 34, 184, 35, 49, 119, 31, 227, 157 }
..
..
ISocketConnector-0, WRITE: TLSv1 Handshake, length = 149
MINA session created for FIX.4.4:ZZZZZ->YYYY: local=/X.X.X.X:XXXXXX, class org.apache.mina.transport.socket.nio.SocketSessionImpl, remote=/XXX.XXX.XXX.XX:YYYYY [quickfix.mina.initiator.InitiatorIoHandler:50]
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 81
*** ServerHello, TLSv1
..
..
Cipher Suite: TLS_RSA_WITH_AES_128_CBC_SHA
Compression Method: 0
Extension renegotiation_info, renegotiated_connection: <empty>
%% Initialized: [Session-1885, TLS_RSA_WITH_AES_128_CBC_SHA]
** TLS_RSA_WITH_AES_128_CBC_SHA
SocketConnectorIoProcessor-0.0, READ: TLSv1 Handshake, length = 3224
*** Certificate chain
chain [0] = [
Version: V3
..
..
..
..
READ: TLSv1 Handshake, length = 14
*** CertificateRequest
Cert Types: RSA, DSS, ECDSA
Cert Authorities:
<Empty>
*** ServerHelloDone
*** Certificate chain
***
*** ClientKeyExchange, RSA PreMasterSecret, TLSv1
WRITE: TLSv1 Handshake, length = 141
SESSION KEYGEN:
PreMaster Secret:
..
..
CONNECTION KEYGEN:
Client Nonce:
..
..
Server Nonce:
..
..
Master Secret:
..
..
Client MAC write Secret:
..
..
Server MAC write Secret:
..
..
Client write key:
...
Server write key:
..
Client write IV:
..
Server write IV:
..
..
WRITE: TLSv1 Change Cipher Spec, length = 1
*** Finished
verify_data: { 85, 227, 34, 74, 171, 223, 226, 95, 232, 234, 118, 50 }
WRITE: TLSv1 Handshake, length = 48
READ: TLSv1 Alert, length = 2
RECV TLSv1 ALERT: fatal, handshake_failure
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
called closeOutbound()
closeOutboundInternal()
SEND TLSv1 ALERT: warning, description = close_notify
WRITE: TLSv1 Alert, length = 32
called closeInbound()
fatal: engine already closedRethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
called closeOutbound()
closeOutboundInternal()
Upvotes: 0
Views: 754
Answers (1)
Steffen Ullrich
Reputation: 123320
*** CertificateRequest
The server wants a client certificate but the client does not send any. Therefore the server closes the connection with a a handshake_failure alert.
Upvotes: 0
Related Questions
- Received fatal alert: handshake_failure through SSLHandshakeException
- "SocketException: Unconnected sockets not implemented" with self-signed SSL certificate
- Java - Received fatal alert: handshake_failure
- Why does a signed certificate give me a handshake failure using Java?
- Unable to get Java to trust my self-signed certificate
- Java SSLHandshakeException with self-signed certificate
- SSL Self Signed Certificate Error
- Getting Bad Certificate Error while SSl Hand shake Expcetion
- SSL Connection with self-signed certificate error (C# Socket connect to Java Server Socket)
- HTTPS with self-signed certificate produces handshake error