SSL Handshake Failure Alert for Liferay6.2 ce ga2SSL Handshake Failure Alert for Liferay6.2 ce ga2https://liferay.dev/en/c/message_boards/find_thread?p_l_id=119785333&threadId=1192468712024-03-28T09:25:56Z2024-03-28T09:25:56ZRE: SSL Handshake Failure Alert for Liferay6.2 ce ga2Christoph Rabelhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1192516092020-05-27T07:07:57Z2020-05-27T07:07:57ZOh, and I forgot something important: UPRADE YOUR LIFERAY. Your version is affected by a bad security issue, you should upgrade to the latest version and apply the binary patches!<br /><a href="https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches">https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches</a>Christoph Rabel2020-05-27T07:07:57ZRE: SSL Handshake Failure Alert for Liferay6.2 ce ga2Christoph Rabelhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1192485602020-05-27T06:53:24Z2020-05-27T06:53:24ZYou can try to enable tls1.2 in Java 7:<br /><a href="https://www.baeldung.com/java-7-tls-v12">https://www.baeldung.com/java-7-tls-v12</a><br />But probably you need to do code changes. <br />In my case that was not an option so I cheated. I placed a reverse proxy between Liferay and the service I needed to call. That way Liferay talks with the proxy and the proxy talks with the service.<br />Let's say, your forum url is <a href="https://discourse.somewhere">https://discourse.somewhere</a>.com:<br />1) On the reverse proxy, add a hosts configuration for discourse.somewhere.com<br />2) Create a self signed certificate for discourse.somewhere.com<br />3) ProxyPass all requests to "discourse.somewhere.com" to the real discourse.somewhere.com<br />Test it with curl<br />4) On the Liferay server, add <a href="https://discourse.somewhere">discourse.somewhere</a>.com to /etc/hosts with the IP of the reverse proxy<br />5) Trust that certificate in Liferay (import it in a truststore and configure it to use that truststore)<br />Since the proxy is yours, you can use all ciphers you want, even those old, deprecated ciphers Java 7 needs.Christoph Rabel2020-05-27T06:53:24ZSSL Handshake Failure Alert for Liferay6.2 ce ga2Saurabh Khandelwalhttps://liferay.dev/en/c/message_boards/find_message?p_l_id=119785333&messageId=1192468702020-05-27T05:09:02Z2020-05-27T05:09:02ZHello all,<br />I'm using Liferay 6.2 CE GA2 Framework which is running on JDK7. <br />While calling Discourse Forum API using Apache httpclient it throws exception: <strong><strong>javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure</strong></strong>.<br />I think this is because*JDK7 doesn’t implement any <strong><strong>GCM</strong></strong> cipher suite.And Discourse Forum is configured with SSL Protocol: <strong><strong>TLSv1.2</strong></strong> and Strong Cipher Suites: <strong><strong>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</strong></strong><br /><strong><strong></strong></strong><br />How to