Java - SSL handshake failure to Sealights with Java 7
Problem
In a Java 7 client environment, the SSL handshake may fail when connecting to Sealights, with an error similar to the following:
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Sealights supports TLS 1.2 connections as described here: https://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/secure-connections-supported-viewer-protocols-ciphers.html
Solution
Take the following steps to better understand the environment between client and server:
Ensure the Java 7 client is using TLS 1.2 by adding
-Dhttps.protocols=TLSv1.2
Enable SSL debug mode using
-Djavax.net.debug=ssl
in order to display and review the client and server cipher suites in use for the attempted connection.
If needed, add TLS 1.2 ciphers to the Java 7 client environment using
-Dhttps.cipherSuites=<comma separated list of ciphers>
per the example below:
-Dhttps.cipherSuites=TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256
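To confirm what the client JVM will actually offer before reading the full SSL debug output, the small check below can be run with the same -D flags as the failing client. It is an added example, not Sealights code; the class name TlsClientCheck is hypothetical. It compares the values of https.protocols and https.cipherSuites against what the JVM supports and enables by default.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added example (hypothetical class name). Java 7 compatible: no lambdas or streams.
// Usage: java -Dhttps.protocols=TLSv1.2 -Dhttps.cipherSuites=<list> TlsClientCheck
public class TlsClientCheck {

    // Reports every comma-separated entry of a system property that the JVM does not support.
    static int reportUnsupported(String property, Set<String> supported) {
        String value = System.getProperty(property);
        System.out.println(property + " = " + value);
        if (value == null) {
            return 0; // property not set: the JVM defaults apply
        }
        int missing = 0;
        for (String entry : value.split(",")) {
            String name = entry.trim();
            if (!name.isEmpty() && !supported.contains(name)) {
                System.out.println("  NOT SUPPORTED by this JVM: " + name);
                missing++;
            }
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));

        // The default context shows what the JVM can do (supported) and
        // what it enables when no override is given (default).
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        Set<String> protocols = new HashSet<String>(Arrays.asList(supported.getProtocols()));
        Set<String> suites = new HashSet<String>(Arrays.asList(supported.getCipherSuites()));

        System.out.println("Enabled by default: " + Arrays.toString(enabled.getProtocols()));
        System.out.println("TLSv1.2 supported : " + protocols.contains("TLSv1.2"));

        int missing = reportUnsupported("https.protocols", protocols)
                    + reportUnsupported("https.cipherSuites", suites);

        // Non-zero exit code lets a build script fail fast on a bad flag value.
        System.exit(missing == 0 ? 0 : 1);
    }
}
```

A cipher suite reported as not supported cannot be negotiated by this JVM regardless of the -Dhttps.cipherSuites value, so the list should be trimmed to names the check accepts and that also appear in the server's supported list linked above.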