SSL Handshake Failed - Java 1.8

Question

Just letting folks know about an issue I had that many seemed to have had after upgrading to Java 1.8. Not all of the solutions are the same hence posting how I resolved th

Answer 1

With JDK 1.8.0_51 release RC4 is no longer supported from Java as client (also as server) to negotiate SSL handshake, RC4 is considered weak (and compromised ) cipher and that is the reason for removal

http://bugs.java.com/view_bug.do?bug_id=8076221

You can still however enable it by removing RC4 from jdk.tls.disabledAlgorithms from your Java security config or progamatically enabling them using setEnabledCipherSuites() method

However better solution would be to update the server configuration (if it is under your control) to upgrade to stronger Ciphers

RC4 is now considered as a compromised cipher. RC4 cipher suites have been removed from both client and server default enabled cipher suite list in Oracle JSSE implementation. These cipher suites can still be enabled by SSLEngine.setEnabledCipherSuites() and SSLSocket.setEnabledCipherSuites() methods.

As to your approach on setting it by using Security.setProperty(), it is not reliable way because the fields which hold disabled algorithms are static and final, So if that class gets loaded first you don't have controll over it, you could alternatively try by creating a properties file

like this

## override it to remove RC4, in disabledcipher.properties
jdk.tls.disabledAlgorithms=DHE

and in your JVM, you could refer it as system property like this

java -Djava.security.properties=disabledcipher.properties blah...