Hi,
I have added the following to disable SSL verification when I download files (since it is in a testenv).
This is the code:
    public static void disableSslVerification() {
        try {
            // Create a trust manager that does not validate certificate chains
            TrustManager[] trustAllCerts = new TrustManager[] { new X509TrustManager() {
                @Override
                public java.security.cert.X509Certificate[] getAcceptedIssuers() {
                    return new X509Certificate[0];
                }

                @Override
                public void checkClientTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
                    // Do nothing
                }

                @Override
                public void checkServerTrusted(java.security.cert.X509Certificate[] chain, String authType) {// NOSONAR
                    // Do nothing
                }
            } };
            // Install the all-trusting trust manager
            SSLContext sc = SSLContext.getInstance("SSL");// NOSONAR
            sc.init(null, trustAllCerts, new java.security.SecureRandom());
            HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
            // Create all-trusting host name verifier
            HostnameVerifier allHostsValid = (String hostname, SSLSession session) -> true; // NOSONAR
            // Install the all-trusting host verifier
            HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
        } catch (NoSuchAlgorithmException e) {
            LOGGER.error("No such algorithm", e);
        } catch (KeyManagementException e) {
            LOGGER.error("Key Management problem", e);
        }
    }
Then I have a class where I establish the connection with the following code:
    public static synchronized HttpsURLConnection openHttpsConnection(String url) {
        HttpsURLConnection connection = null;
        try {
            URL myURL = new URL(url);
            LOGGER.debug("Opening stream to {}", myURL);
            connection = (HttpsURLConnection) myURL.openConnection(Proxy.NO_PROXY);
            handleResponse(connection);
        } catch (IOException ioe) {
            throw new ConnectionException("Could not open https connection to node ", ioe);
        }
        return connection;
    }
Then I use a unit test to verify my code:
    public class HttpConnectionUtilsTest {
        @Test
        public void establishConnectionSuccessful() {
            // Configure WireMock to use HTTPS and the SSL/TLS certificate
            final String passwd = "secret";
            URL trustStore = HttpConnectionUtilsTest.class.getClassLoader().getResource("com/company/util/truststore_ok.jks");
            WireMockConfiguration wireMockConfiguration = wireMockConfig()
                    .httpsPort(8443)
                    .keystorePath(new File(trustStore.getFile()).getAbsolutePath())
                    .keystorePassword(passwd).needClientAuth(false)
                    .trustStorePath(new File(trustStore.getFile()).getAbsolutePath())
                    .trustStorePassword(passwd);
            // Create a WireMockServer instance with the configuration
            WireMockServer wireMockServer = new WireMockServer(wireMockConfiguration);
            // start the server.
            wireMockServer.start();
            // Try to establish a connection to server over TLS/SSL.
            HttpConnectionUtils.disableSslVerification();
            HttpsURLConnection connection = HttpConnectionUtils.openHttpsConnection("https://localhost:8443/");
            // Stop the server
            wireMockServer.stop();
        }
    }
When debugging the output from ssl I see:
javax.net.ssl|DEBUG|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:207|Ignore unavailable extension: application_layer_protocol_negotiation
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: status_request_v2
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: extended_master_secret
javax.net.ssl|WARNING|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:215|Ignore impact of unsupported extension: supported_versions
javax.net.ssl|DEBUG|1B|qtp1311315651-27|2023-03-31 17:17:00.692 CEST|SSLExtensions.java:207|Ignore unavailable extension: renegotiation_info
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.696 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.697 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.698 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for RSASSA-PSS
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.699 CEST|X509Authentication.java:301|No X.509 cert selected for DSA
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.700 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.701 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ALL|1B|qtp1311315651-27|2023-03-31 17:17:00.701 CEST|X509Authentication.java:301|No X.509 cert selected for EC
javax.net.ssl|ERROR|1B|qtp1311315651-27|2023-03-31 17:17:00.703 CEST|TransportContext.java:345|Fatal (HANDSHAKE_FAILURE): no cipher suites in common (
"throwable" : {
javax.net.ssl.SSLHandshakeException: no cipher suites in common
Why do I get this when I trust all certificates?
br,
//mike
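
Added example, not part of the original post: the HANDSHAKE_FAILURE above is logged on a qtp (Jetty server) thread right after the run of "No X.509 cert selected" lines, which is what a TLS server reports when its key manager finds no private key to present, and a client-side trust-all manager has no influence on that. The check below lists which entries of a keystore are usable as a server identity. The class name KeystoreEntryCheck is hypothetical, and it is an assumption that the file given to it is the one passed to keystorePath in the test.

```java
import java.io.File;
import java.security.KeyStore;
import java.util.Collections;

public class KeystoreEntryCheck {

    /** Counts entries a TLS server can present: a private key plus its certificate chain. */
    static int countPrivateKeyEntries(KeyStore ks) throws Exception {
        int keys = 0;
        for (String alias : Collections.list(ks.aliases())) {
            // trustedCertEntry items only say whom to trust; they cannot identify a server
            boolean isPrivateKey = ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class);
            System.out.printf("%-24s %s%n", alias,
                    isPrivateKey ? "PrivateKeyEntry" : "no private key (trust-only or other)");
            if (isPrivateKey) {
                keys++;
            }
        }
        return keys;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks;
        if (args.length == 2) {
            // Usage: java KeystoreEntryCheck <keystore file> <store password>
            // KeyStore.getInstance(File, char[]) (Java 9+) detects JKS vs PKCS12 itself
            ks = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());
        } else {
            // Constructed sample input: an empty in-memory keystore
            ks = KeyStore.getInstance(KeyStore.getDefaultType());
            ks.load(null, null);
        }

        int keys = countPrivateKeyEntries(ks);
        System.out.println("aliases: " + ks.size() + ", private key entries: " + keys);
        if (keys == 0) {
            System.out.println("A server configured with this store has no certificate to offer; "
                    + "every certificate-based cipher suite is dropped and the handshake "
                    + "fails with \"no cipher suites in common\".");
        }
    }
}
```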