Menu Search Sign up

SSL Handshake failure due to unsupported cipher suite

In my program which tried to open HTTPS connection to a remote server I got the following handshake error:

2014-09-19 11:33:55,649 [JBOSS-F] INFO [stdout] http--0.0.0.0-8081-2, RECV TLSv1 ALERT: fatal, handshake_failure

A further dump of the log showed that it is because the 256 bit ciphers are not supported:

2014-09-19 11:33:55,549 [JBOSS-F] INFO [stdout] Opening connection to 172.17.3.45:443...
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,550 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
2014-09-19 11:33:55,551 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,552 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
2014-09-19 11:33:55,553 [JBOSS-F] INFO [stdout] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256

The problem is that to run encryption stronger than 128-bit, you will need to download and install "Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files" from Java SE http://www.oracle.com/technetwork/java/javase/downloads/index.html. For JDK7, it is named UnlimitedJCEPolicyJDK7.zip. To install, you will need to unzip this file, and put the 2 files inside: local_policy.jar and US_export_policy.jar, into your <JVM home>/lib/security.

Then restart the java program, and the handshake failure probelm is resolved.