SSL handshake failure when url's hostname is a FQDN #1505

Closed
@fistons

Description

@fistons

When I try to access some HTTPS websites (mainly on CloudFront or Cloudflare CDNs), I get a lot of: Received fatal alert: handshake_failure, dropping

Here is an example of the logs (with -Djavax.net.debug=ssl):

Using SSLEngineImpl.
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1516781808 bytes = { 64, 126, 229, 204, 228, 249, 140, 155, 189, 197, 99, 107, 21, 117, 245, 152, 65, 177, 119, 166, 67, 106, 117, 162, 182, 118, 84, 156 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
AsyncHttpClient-2-7, WRITE: TLSv1.2 Handshake, length = 134
AsyncHttpClient-2-7, READ: TLSv1.2 Alert, length = 2
AsyncHttpClient-2-7, RECV TLSv1.2 ALERT:  fatal, handshake_failure
AsyncHttpClient-2-7, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
AsyncHttpClient-2-7, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
AsyncHttpClient-2-7, called closeOutbound()
AsyncHttpClient-2-7, closeOutboundInternal()
AsyncHttpClient-2-7, SEND TLSv1.2 ALERT:  warning, description = close_notify
AsyncHttpClient-2-7, WRITE: TLSv1.2 Alert, length = 2
AsyncHttpClient-2-7, called closeInbound()
AsyncHttpClient-2-7, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
AsyncHttpClient-2-7, called closeOutbound()
AsyncHttpClient-2-7, closeOutboundInternal()
2018-01-24 09:21:04.106  WARN 31493 --- [cHttpClient-2-7] c.w.b.f.h.async.AsyncHttpFetcher         : Error while fetching https://m.20minutos.es/: Received fatal alert: handshake_failure, dropping
AsyncHttpClient-2-7, called closeOutbound()
AsyncHttpClient-2-7, closeOutboundInternal()
AsyncHttpClient-2-7, READ: TLSv1.2 Alert, length = 2
AsyncHttpClient-2-7, RECV TLSv1.2 ALERT:  fatal, handshake_failure
AsyncHttpClient-2-7, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
AsyncHttpClient-2-7, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
AsyncHttpClient-2-7, called closeOutbound()
AsyncHttpClient-2-7, closeOutboundInternal()
AsyncHttpClient-2-7, called closeInbound()
AsyncHttpClient-2-7, closeInboundInternal()
AsyncHttpClient-2-7, closeOutboundInternal()

I'm using async-http-client 2.2.0 with Oracle Java:

java version "1.8.0_161"
Java(TM) SE Runtime Environment (build 1.8.0_161-b12)
Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)
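A triage check for a trace like the one above, added here as an example; it is not part of async-http-client or of the reporter's post. It parses the JDK -Djavax.net.debug=ssl ClientHello dump, lists the extensions the client offered and reports whether server_name (SNI) was among them: the trace in this issue shows elliptic_curves, ec_point_formats, signature_algorithms, extended_master_secret and renegotiation_info but no server_name, and a CDN front end that serves many names from one address needs SNI to pick a certificate. Because the issue title points at FQDN hostnames, it also checks the URL host against RFC 6066, which requires the SNI host_name to be a DNS name sent without a trailing dot. The sample trace and the URL with the trailing-dot host are constructed.

```python
"""Triage a JDK -Djavax.net.debug=ssl trace for a TLS handshake_failure.

Added example, not part of async-http-client. It extracts the ClientHello the
client sent (version, cipher suites, extensions) and the alert the peer
answered with, then reports what a practitioner checks first: whether
server_name (SNI) was offered at all, and whether the URL host is a value
RFC 6066 allows as an SNI host_name (DNS name, no trailing dot, not an IP
literal).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: a trimmed trace in the same shape as the one in the issue.
SAMPLE_TRACE = """\
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1516781808 bytes = { 64, 126, 229 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA]
Compression Methods:  { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA256withRSA, SHA1withRSA
Extension extended_master_secret
Extension renegotiation_info, renegotiated_connection: <empty>
***
AsyncHttpClient-2-7, WRITE: TLSv1.2 Handshake, length = 134
AsyncHttpClient-2-7, READ: TLSv1.2 Alert, length = 2
AsyncHttpClient-2-7, RECV TLSv1.2 ALERT:  fatal, handshake_failure
"""

# Constructed URL with an absolute (trailing-dot) FQDN, the case the issue title names.
SAMPLE_URL = "https://cdn.example.net./"

CIPHERS_RE = re.compile(r"^Cipher Suites: \[(.*)\]$")
EXT_RE = re.compile(r"^Extension (\w+)")
ALERT_RE = re.compile(r"RECV TLSv[\d.]+ ALERT:\s+(\w+), (\w+)")


def parse_trace(trace):
    """Pull the ClientHello fields and the received alerts out of the debug trace."""
    info = {"version": None, "ciphers": [], "extensions": [], "alerts": []}
    in_hello = False
    for raw in trace.splitlines():
        line = raw.strip()
        if line.startswith("*** ClientHello"):
            in_hello = True
            info["version"] = line.split(",", 1)[1].strip()
            continue
        if in_hello and line == "***":  # end of the ClientHello dump
            in_hello = False
            continue
        if in_hello:
            m = CIPHERS_RE.match(line)
            if m:
                info["ciphers"] = [c.strip() for c in m.group(1).split(",") if c.strip()]
                continue
            m = EXT_RE.match(line)
            if m:
                info["extensions"].append(m.group(1))
                continue
        m = ALERT_RE.search(line)
        if m:
            info["alerts"].append((m.group(1), m.group(2)))  # (level, description)
    return info


def sni_hostname(url):
    """Return the host_name RFC 6066 allows for this URL, or None if SNI cannot carry it.

    The trailing dot of an absolute FQDN is stripped (RFC 6066 forbids it) and
    IP literals yield None (server_name carries DNS names only).
    """
    host = urlsplit(url).hostname
    if not host:
        return None
    host = host.rstrip(".")
    try:
        ipaddress.ip_address(host)
        return None
    except ValueError:
        return host or None


def diagnose(info, url):
    """Return human-readable findings for a failed handshake."""
    findings = []
    if ("fatal", "handshake_failure") in info["alerts"]:
        findings.append("peer answered the ClientHello with a fatal handshake_failure alert")
    if "server_name" not in info["extensions"]:
        findings.append(
            "ClientHello offered no server_name (SNI) extension; a front end that hosts "
            "many names on one address cannot select a certificate without it")
    host = urlsplit(url).hostname or ""
    if host.endswith("."):
        findings.append(
            f"URL host {host!r} has a trailing dot, which RFC 6066 does not allow in "
            f"server_name; the value to send is {sni_hostname(url)!r}")
    elif sni_hostname(url) is None:
        findings.append(f"URL host {host!r} is not a DNS name, so no server_name can be sent")
    return findings


if __name__ == "__main__":
    for finding in diagnose(parse_trace(SAMPLE_TRACE), SAMPLE_URL):
        print("-", finding)
```

Feed it the full trace from a failing run and the URL that produced it; a ClientHello that lists an Extension server_name line clears the SNI finding, so what remains points at the host value or at the server side.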
