Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
handshake_failure SSL error
#1
One torrent site I use has switched SSL certificate and now vuze fails to connect to it. The site works in Firefox and Internet Explorer.



Code:
[22:33:56] [tracker] Error from scrape interface https://www.norbits.net/scrape.php?passkey=xxxxxxxxx : Received fatal alert: handshake_failure (class javax.net.ssl.SSLHandshakeException)
[22:33:58] [stderr] DEBUG::Sat Nov 01 22:33:58 CET 2014::org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl::installServerCertificates::943:
[22:33:58] [stderr] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[22:33:58] [stderr] at sun.security.ssl.Alerts.getSSLException(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.Alerts.getSSLException(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[22:33:58] [stderr] at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
[22:33:58] [stderr] at org.gudy.azureus2.core3.security.impl.SESecurityManagerImpl.installServerCertificates(SESecurityManagerImpl.java:843)
[22:33:58] [stderr] at org.gudy.azureus2.core3.security.SESecurityManager.installServerCertificates(SESecurityManager.java:111)
[22:33:58] [stderr] at org.gudy.azureus2.core3.tracker.client.impl.bt.TrackerStatus.scrapeHTTPSupport(TrackerStatus.java:1347)
[22:33:58] [stderr] at org.gudy.azureus2.core3.tracker.client.impl.bt.TrackerStatus.scrapeHTTP(TrackerStatus.java:1045)
[22:33:58] [stderr] at org.gudy.azureus2.core3.tracker.client.impl.bt.TrackerStatus.runScrapesSupport(TrackerStatus.java:577)
[22:33:58] [stderr] at org.gudy.azureus2.core3.tracker.client.impl.bt.TrackerStatus$2.runSupport(TrackerStatus.java:342)
[22:33:58] [stderr] at org.gudy.azureus2.core3.util.AERunnable.run(AERunnable.java:38)
[22:33:58] [stderr] at org.gudy.azureus2.core3.util.ThreadPool.runIt(ThreadPool.java:327)
[22:33:58] [stderr] at org.gudy.azureus2.core3.util.ThreadPool$threadPoolWorker.run(ThreadPool.java:732)
[22:33:58] [stderr] at org.gudy.azureus2.core3.util.AEThread2$threadWrapper.run(AEThread2.java:297)

 Java 1.8.0_25

 Oracle Corporation
SWT v4427, win32
Windows 7 v6.1, amd64
V5.4.0.0/4 az2
Reply
#2
The problem is caused by the fact that the site uses AES 256 bit crypto - Java doesn't support this key strength by default due to cryptography export restrictions.

You need to install the 'unlimited jurisdiction policy files' into your Java runtime

http://www.oracle.com/technetwork/java/j...index.html

search for 'jurisdiction. on that page

Hopefully as such certificates become more common this will be fixed in the core distributions
Reply
#3
That fixed the problem, Thanks :)
Reply
#4
(11-01-2014, 05:51 PM)'parg' Wrote: The problem is caused by the fact that the site uses AES 256 bit crypto - Java doesn't support this key strength by default due to cryptography export restrictions.

You need to install the 'unlimited jurisdiction policy files' into your Java runtime

http://www.oracle.com/technetwork/java/j...index.html

search for 'jurisdiction. on that page

Hopefully as such certificates become more common this will be fixed in the core distributions


 


Hi,

I had the same error  (handshake_failure) so I did the steps you recommended, and now I get a different error: "IO Exception: Connection refused: connect" after it waits for a while. I tried using the respective unlimited strength files for java 1.7 and 1.8 (and switching which version Vuze was using) but it did not help.

Current Config:
Java 1.8.0_25
 Oracle Corporation
SWT v4233, win32
Windows 7 v6.1, x86
V5.4.0.0/4 az2

Any help would be appreciated, thanks!
 

 
Reply
#5
'TimeIsAFactor\' dateline='\'1417095898'' Wrote:
'parg\' dateline='\'1414889489'' Wrote: The problem is caused by the fact that the site uses AES 256 bit crypto - Java doesn't support this key strength by default due to cryptography export restrictions.

You need to install the 'unlimited jurisdiction policy files' into your Java runtime

http://www.oracle.com/technetwork/java/j...index.html

search for 'jurisdiction. on that page

Hopefully as such certificates become more common this will be fixed in the core distributions



 

 


Hi,

I had the same error  (handshake_failure) so I did the steps you recommended, and now I get a different error: "IO Exception: Connection refused: connect" after it waits for a while. I tried using the respective unlimited strength files for java 1.7 and 1.8 (and switching which version Vuze was using) but it did not help.

Current Config:
Java 1.8.0_25
 Oracle Corporation
SWT v4233, win32
Windows 7 v6.1, x86
V5.4.0.0/4 az2

Any help would be appreciated, thanks!
 

 

 

 


I know this a very old thread . . . but I just ran into this problem as well.

I am running OS X 10.13.6

Here is how I solved it:

I went into terminal and typed in

sudo su
[enter login password]

[this puts you in super user mode and allows you to edit the file you need to edit]

Yes to those of you who are less than about 40 years old this is a bozo no-no . . . I've been using unix for about 30 years . . . I am old school so I am using the old school methods.

Then I typed in:

vi /Library/Internet\ Plug-Ins/JavaAppletPlugin.plugin/Contents/Home/lib/security/java.security

[this opens up the vi editor so you can modify the file in question]

once in vi I typed in
/crypto [this searches for the word crypto in the file]

Then I kept pressing n [for next] until I saw a line that looks like this (I had to press n 15 times) if you go past the line you wanted try p for previous:

#crypto.policy=unlimited

you need to remove the # from the beginning of that line

your cursor should be at the beginning of that line . . . if not move it to the beginning of that line.

Then:

press x [this deletes the character under the cursor]

Then press the escape key [ESC] [this allows you to enter special commands in vi]

Then press

:wq [this overwrites the saved version of the file with the version you just modified and quits the vi editor]

then press control-D [this logs you out of super-user mode]

you can quit terminal and restart Vuze and the problem will be ancient history!


At least that is what worked for me.

Following the instructions given in the link Parg gave us . . . I found to be difficult . . . so I read up a little more and I pieced together bits from about 3 different posts and came up with this method.

I hope this helps you or someone else!

------ Edit

Ok I take all of that back . . . that did not work . . . it only appeared to work . . . I am still working on getting this to work properly

Watch this space for details as I figure this out.  Do not attempt what I have outlined here . . . it will not work!
Reply
#6
Ok here is what I found out.

Depending upon the age of your computer and the age of your java installation and depending if when you got your last Mac (or 3) you copied everything over from a timeMachine backup those steps I outlined above might not work for you.

They might work . . . but not necessarily.

Try those steps above and if you are still getting errors here you go to:

http://www.oracle.com/technetwork/java/j...index.html

and search for jurisdiction and download the .zip file

Put the zip file on your desktop and double click on it to unzip

Then open terminal

type in

sudo su
[enter your password]

type in:

cd /Applications/.install4j/jre.bundle/Contents/Home/jre/lib/security/

then type in:

mv US_export_policy.jar US_export_policy.jar.old [this renames the existing file to existing.file.old for safekeeping]

then type in :

mv local_policy.jar local_policy.jar.old [see last step for explanation]

now you need to copy the files you just downloaded to this directory

cp ~[your_login_name_here]/Desktop/UnlimitedJCEPolicyJDK8/US_export_policy.jar . [~[your_login_name_here]/Desktop is the unix name for your /Desktop folder and the rest is the name of the file you want to copy . . . the last '.' means copy to the current directory]

then

cp ~[your_login_name_here]/Desktop/UnlimitedJCEPolicyJDK8/local_policy.jar . [see last step above for explanation]

and you are done

control-D to logout as root
control-D to logout as you
commmand-Q to quit terminal

Then restart Vuze and all should be well!
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  VUze 5.7.2.0 SNI troubles with SSL michaelfasher 5 7,445 05-17-2016, 11:24 AM
Last Post: michaelfasher
  Importing SSL Certificate akiraaisha 1 5,088 02-25-2016, 11:00 PM
Last Post: parg



Users browsing this thread: 1 Guest(s)