Java - SSL handshake failure to Sealights with Java 7

Owned by Eamonn O'Kane (Unlicensed)
Last updated: Mar 08, 2021 by Marc Amouyal
1 min read

Problem

In a Java 7 client environment, SSL handshake issues may be encountered while connecting to Sealights showing errors similar to below:

__Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)_"

Sealights supports TLS 1.2 connections as described here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html

Solution

Take the following steps to better understand the environment between client and server:

  1. Ensure the Java 7 client is using TLS 1.2 by adding -Dhttps.protocols=TLSv1.2

  2. Enable SSL debug mode using -Djavax.net.debug=sslin order to display and review the client and server cipher suites in use for the attempted connection

  3. If needed, add TLS 1.2 ciphers to the Java 7 client environment using -Dhttps.cipherSuites=<comma separated list of ciphers> per the example below

-Dhttps.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256