Java - SSL handshake failure to Sealights with Java 7
Problem
In a Java 7 client environment, SSL handshake issues may be encountered while connecting to Sealights showing errors similar to below:
__Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)_"
Sealights supports TLS 1.2 connections as described here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
Solution
Take the following steps to better understand the environment between client and server:
Ensure the Java 7 client is using TLS 1.2 by adding
-Dhttps.protocols=TLSv1.2
Enable SSL debug mode using
-Djavax.net.debug=ssl
in order to display and review the client and server cipher suites in use for the attempted connectionIf needed, add TLS 1.2 ciphers to the Java 7 client environment using
-Dhttps.cipherSuites=<comma separated list of ciphers>
per the example below
-Dhttps.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256
Related articles
- Agents cannot reach SeaLights platform (unreachable network errors)
- .Net - How to ensure I am running the latest/recommended agent version
- Chrome Extension - How to report an issue to Sealights Support
- Tomcat - java.io.FileNotFoundException - "WARNING: Failed to scan"
- Maven - BUILD FAILURE - Error injecting constructor, java.lang.NoClassDefFoundError: org/slf4j/helpers/MarkerIgnoringBase