web-dev-qa-db-fra.com

Java 8 RECV TLSv1.2 ALERT: fatal, handshake_failure

J'ai épuisé mes capacités de recherche et d'expérimentation pour résoudre ce problème. J'ai essayé les gestionnaires de confiance, les usines de socket ssl, les vérificateurs de nom d'hôte, le registre de schéma, les modifications de contexte ssl, etc.

Quelqu'un peut-il m'aider?

Le programme est:

import Java.io.BufferedReader ;
import Java.io.InputStreamReader ;
import Java.io.Reader ;
import Java.net.URL ;
import Java.net.URLConnection ;
import Java.security.cert.X509Certificate ;

import javax.net.ssl.HostnameVerifier ;
import javax.net.ssl.HttpsURLConnection ;
import javax.net.ssl.SSLContext ;
import javax.net.ssl.SSLSession ;
import javax.net.ssl.TrustManager ;
import javax.net.ssl.X509TrustManager ;


public class
      TestSSL {

   public static void
   main(String[] args)
      throws Exception {

// Create a trust manager that does not validate certificate chains
      TrustManager[] trustAllCerts = new TrustManager[]
            { new X509TrustManager() {
            public Java.security.cert.X509Certificate[]
            getAcceptedIssuers() {
               return null ;
            }


            public void
            checkClientTrusted(X509Certificate[] certs, String authType) {
            }


            public void
            checkServerTrusted(X509Certificate[] certs, String authType) {
            }
         } } ;

// Install the all-trusting trust manager
      final SSLContext sc = SSLContext.getInstance("SSL") ;
      sc.init(null, trustAllCerts, new Java.security.SecureRandom()) ;

      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()) ;

// Create all-trusting Host name verifier
      HostnameVerifier allHostsValid = new HostnameVerifier() {
         public boolean
         verify(String hostname, SSLSession session) {
            return true ;
         }
      } ;

// Install the all-trusting Host verifier
      HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid) ;

// set target URL

////////////////////////////////////////////////////////////////////////////////////////////
      URL url = new URL("https://sourceforge.net/projects/taggersharp/") ; // THIS FAILS
// URL url = new URL("https://www.google.com");  //THIS WORKS
////////////////////////////////////////////////////////////////////////////////////////////

// process the URL
      URLConnection con = url.openConnection() ;

      final Reader reader = new InputStreamReader(con.getInputStream()) ;
      final BufferedReader br = new BufferedReader(reader) ;
      String line = "" ;
      while ((line = br.readLine()) != null) {
         System.out.println(line) ;
      }
      br.close() ;

   } // End of main

} // End of the class //

Je le compile et l'exécute avec les options et résultats suivants:

C:\$\VersionsTEST>"C:\Program Files\Java\jre1.8.0_141\bin\Java.exe"  -Djavax.net.debug=ssl -Djava.security.properties=security.props -Dhttps.protocols=TLSv1.1,TLSv1,TLSv1.2 -Djavax.net.debug=all -Djavax.net.debug=all TestSSL
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=Host_name (0), value=sourceforge.net) was replaced with (type=Host_name (0), value=sourceforge.net)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1487939520 bytes = { 108, 232, 206, 41, 154, 180, 117, 47, 215, 3, 103, 236, 131, 140, 254, 113, 53, 30, 15, 54, 153, 237, 200, 209, 239, 85, 46, 190 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=Host_name (0), value=sourceforge.net]
***
[write] MD5 and SHA1 hashes:  len = 169
0000: 01 00 00 A5 03 03 59 B0   28 C0 6C E8 CE 29 9A B4  ......Y.(.l..)..
0010: 75 2F D7 03 67 EC 83 8C   FE 71 35 1E 0F 36 99 ED  u/..g....q5..6..
0020: C8 D1 EF 55 2E BE 00 00   2A C0 23 C0 27 00 3C C0  ...U....*.#.'.<.
0030: 25 C0 29 C0 09 C0 13 00   2F C0 04 C0 0E C0 2B C0  %.)...../.....+.
0040: 2F 00 9C C0 2D C0 31 C0   08 C0 12 00 0A C0 03 C0  /...-.1.........
0050: 0D 00 FF 01 00 00 52 00   0A 00 16 00 14 00 17 00  ......R.........
0060: 18 00 19 00 09 00 0A 00   0B 00 0C 00 0D 00 0E 00  ................
0070: 16 00 0B 00 02 01 00 00   0D 00 16 00 14 06 03 06  ................
0080: 01 05 03 05 01 04 03 04   01 04 02 02 03 02 01 02  ................
0090: 02 00 00 00 14 00 12 00   00 0F 73 6F 75 72 63 65  ..........source
00A0: 66 6F 72 67 65 2E 6E 65   74                       forge.net
main, WRITE: TLSv1.2 Handshake, length = 169
[Raw write]: length = 174
0000: 16 03 03 00 A9 01 00 00   A5 03 03 59 B0 28 C0 6C  ...........Y.(.l
0010: E8 CE 29 9A B4 75 2F D7   03 67 EC 83 8C FE 71 35  ..)..u/..g....q5
0020: 1E 0F 36 99 ED C8 D1 EF   55 2E BE 00 00 2A C0 23  ..6.....U....*.#
0030: C0 27 00 3C C0 25 C0 29   C0 09 C0 13 00 2F C0 04  .'.<.%.)...../..
0040: C0 0E C0 2B C0 2F 00 9C   C0 2D C0 31 C0 08 C0 12  ...+./...-.1....
0050: 00 0A C0 03 C0 0D 00 FF   01 00 00 52 00 0A 00 16  ...........R....
0060: 00 14 00 17 00 18 00 19   00 09 00 0A 00 0B 00 0C  ................
0070: 00 0D 00 0E 00 16 00 0B   00 02 01 00 00 0D 00 16  ................
0080: 00 14 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
0090: 02 03 02 01 02 02 00 00   00 14 00 12 00 00 0F 73  ...............s
00A0: 6F 75 72 63 65 66 6F 72   67 65 2E 6E 65 74        ourceforge.net
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_anon_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
main, setSoTimeout(0) called
main, the previous server name in SNI (type=Host_name (0), value=sourceforge.net) was replaced with (type=Host_name (0), value=sourceforge.net)
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1487939569 bytes = { 112, 166, 46, 83, 81, 37, 183, 87, 66, 77, 244, 18, 174, 101, 138, 145, 155, 105, 62, 195, 70, 55, 37, 194, 127, 138, 118, 101 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension server_name, server_name: [type=Host_name (0), value=sourceforge.net]
***
[write] MD5 and SHA1 hashes:  len = 169
0000: 01 00 00 A5 03 03 59 B0   28 F1 70 A6 2E 53 51 25  ......Y.(.p..SQ%
0010: B7 57 42 4D F4 12 AE 65   8A 91 9B 69 3E C3 46 37  .WBM...e...i>.F7
0020: 25 C2 7F 8A 76 65 00 00   2A C0 23 C0 27 00 3C C0  %...ve..*.#.'.<.
0030: 25 C0 29 C0 09 C0 13 00   2F C0 04 C0 0E C0 2B C0  %.)...../.....+.
0040: 2F 00 9C C0 2D C0 31 C0   08 C0 12 00 0A C0 03 C0  /...-.1.........
0050: 0D 00 FF 01 00 00 52 00   0A 00 16 00 14 00 17 00  ......R.........
0060: 18 00 19 00 09 00 0A 00   0B 00 0C 00 0D 00 0E 00  ................
0070: 16 00 0B 00 02 01 00 00   0D 00 16 00 14 06 03 06  ................
0080: 01 05 03 05 01 04 03 04   01 04 02 02 03 02 01 02  ................
0090: 02 00 00 00 14 00 12 00   00 0F 73 6F 75 72 63 65  ..........source
00A0: 66 6F 72 67 65 2E 6E 65   74                       forge.net
main, WRITE: TLSv1.2 Handshake, length = 169
[Raw write]: length = 174
0000: 16 03 03 00 A9 01 00 00   A5 03 03 59 B0 28 F1 70  ...........Y.(.p
0010: A6 2E 53 51 25 B7 57 42   4D F4 12 AE 65 8A 91 9B  ..SQ%.WBM...e...
0020: 69 3E C3 46 37 25 C2 7F   8A 76 65 00 00 2A C0 23  i>.F7%...ve..*.#
0030: C0 27 00 3C C0 25 C0 29   C0 09 C0 13 00 2F C0 04  .'.<.%.)...../..
0040: C0 0E C0 2B C0 2F 00 9C   C0 2D C0 31 C0 08 C0 12  ...+./...-.1....
0050: 00 0A C0 03 C0 0D 00 FF   01 00 00 52 00 0A 00 16  ...........R....
0060: 00 14 00 17 00 18 00 19   00 09 00 0A 00 0B 00 0C  ................
0070: 00 0D 00 0E 00 16 00 0B   00 02 01 00 00 0D 00 16  ................
0080: 00 14 06 03 06 01 05 03   05 01 04 03 04 01 04 02  ................
0090: 02 03 02 01 02 02 00 00   00 14 00 12 00 00 0F 73  ...............s
00A0: 6F 75 72 63 65 66 6F 72   67 65 2E 6E 65 74        ourceforge.net
[Raw read]: length = 5
0000: 15 03 03 00 02                                     .....
[Raw read]: length = 2
0000: 02 28                                              .(
main, READ: TLSv1.2 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, handshake_failure
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Exception in thread "main" javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
        at Sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at Sun.security.ssl.Alerts.getSSLException(Unknown Source)
        at Sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at Sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at Sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at Sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at Sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
        at Sun.net.www.protocol.https.HttpsClient.afterConnect(Unknown Source)
        at Sun.net.www.protocol.https.AbstractDelegateHttpsURLConnection.connect(Unknown Source)
        at Sun.net.www.protocol.http.HttpURLConnection.getInputStream0(Unknown Source)
        at Sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown Source)
        at Sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(Unknown Source)
        at TestSSL.main(TestSSL.Java:66)
5
PaulJayD

Si vous cochez les chiffres proposés par sourceforge.net comme analysés par SSLLabs , vous verrez que le site ne prend en charge que les chiffres avec AES256. Si vous regardez ensuite les chiffrements offerts par votre Java vous verrez qu'il n'y a que des chiffrements AES128 et 3DES:

Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]

Cela signifie qu'aucune des offres de chiffrement de votre client n'est acceptée par le serveur, ce qui entraînera un échec de la prise de contact. Il se peut que vous deviez activer Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy pour prendre en charge les chiffrements AES256.

9
Steffen Ullrich

La réponse ci-dessus est correcte, bien sûr. J'ai par erreur ajouté les fichiers "UnlimitedJCEPolicyJDK8" dans le répertoire JRE et SDK\lib, pas le répertoire\lib\security . J'ai réparé l'erreur et tout va bien.

Merci à tous.

Paul

4
PaulJayD