SSLHandshakeException : Remote host closed connection during handshake
Most probably the server has disabled TLS 1.0 (and you're talking TLS 1.0 as seen in the sequence bytes 47 03 01 5A), or it is waiting for the SNI extension which is absent.
About Java 6, only 6u111 will allow anything better (TLS 1.1) than TLS 1.0, and 6u121 will allow TLS 1.2. Have a look at the Reference. Because of the TLS version intolerance problem, it's still unsufficient, and only a system property will enable it for good, as explained in the Release Notes :
TLS v1.2 is now a TLS protocol option with this release. By default,
TLSv1.0 will remain the default enabled protocol on client sockets.
For this reason, a couple of system properties to try :
-Djdk.tls.client.protocols="TLSv1.2"
(prerequisite : 6u121 / 7u95)-Dhttps.protocols="TLSv1.2"
if your code is using HttpsURLConnection
Your ClientHello is correctly formatted but it doesn't contain any extension (particularly the SNI). This is why it looks so short (bytes = 80). The SNI is enabled by default starting with 6u121 (if I'm right). Both causes that I see should be solved with the adequate Java version.
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake opening an HTTPS page with HTMLUnit
The problem was solved upgrading to Java 8, as haihui said in a comment (but I had just upgraded before that comment).
I upgraded to Java 8 after reading Oracle's blog about HTTPS debugging and copying the JCE files suggested there in the $JAVA_HOME/lib/security (nothing changed).
I decided to upgrade to java 8 after I saw this site about SSL Site debugging couldn't connect using java 7 too.
During debugging I added this to the JRE arguments
-Djavax.net.debug=all
to see what's going on.
JDK 1.5 SSLHandshakeException
After a lot of research, I found out that, there is no way to do this and of course, installing the unlimited policy is also ugly solution. Sun does not recommend us changing policy. The best way to solve that problem is, that always maintain your Java version better then this one. I had to write on 1.5 and had no other chance to simply upgrade system and decided worse but the only solution, that worked, of course. I created some kind of proxy service with Java 1.8 + Wildlfy 8.2 on the same machine with different port of Jboss and call services from there. 1.5 and 1.8 apps communicate with simple soap protocol. Problem "fixed".
How to solve javax.net.ssl.SSLHandshakeException Error?
First, you need to obtain the public certificate from the server you're trying to connect to. That can be done in a variety of ways, such as contacting the server admin and asking for it, using OpenSSL to download it, or, since this appears to be an HTTP server, connecting to it with any browser, viewing the page's security info, and saving a copy of the certificate. (Google should be able to tell you exactly what to do for your specific browser.)
Now that you have the certificate saved in a file, you need to add it to your JVM's trust store. At $JAVA_HOME/jre/lib/security/
for JREs or $JAVA_HOME/lib/security
for JDKs, there's a file named cacerts
, which comes with Java and contains the public certificates of the well-known Certifying Authorities. To import the new cert, run keytool as a user who has permission to write to cacerts:
keytool -import -file <the cert file> -alias <some meaningful name> -keystore <path to cacerts file>
It will most likely ask you for a password. The default password as shipped with Java is changeit
. Almost nobody changes it. After you complete these relatively simple steps, you'll be communicating securely and with the assurance that you're talking to the right server and only the right server (as long as they don't lose their private key).
Related Topics
How to Create Executable Java Program
How to Have 2 Jvms Talk to One Another
How to Set Up Jax-Rs Application Using Annotations Only (No Web.Xml)
Compile Code Fully in Memory with Javax.Tools.Javacompiler
Double Checked Locking in Singleton
In Java, What Is a Shallow Copy
Given Final Block Not Properly Padded
Booleans, Conditional Operators and Autoboxing
Send an Array with an Http Get
When Will a String Be Garbage Collected in Java
Sorting Java Objects Using Multiple Keys
Jcombobox Selection Change Listener
Spring Aop Not Working for Method Call Inside Another Method
Make Jackson Interpret Single JSON Object as Array with One Element
How to Re-Attach Detached Objects in Hibernate
Jre 1.7 - Java Version - Returns: Java/Lang/Noclassdeffounderror: Java/Lang/Object