Message Boards

SSL Handshake Failure Alert for Liferay6.2 ce ga2

Saurabh Khandelwal, modified 3 Years ago.

SSL Handshake Failure Alert for Liferay6.2 ce ga2

New Member Posts: 14 Join Date: 1/18/19 Recent Posts
Hello all,
I'm using Liferay 6.2 CE GA2 Framework which is running on JDK7.
While calling Discourse Forum API using Apache httpclient it throws exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.
I think this is because*JDK7 doesn’t implement any GCM cipher suite.And Discourse Forum is configured with SSL Protocol: TLSv1.2 and Strong Cipher Suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

How to resolve this issue? Or is there any other way to call Discourse API from Java platform.
Thanks,
Saurabh Khandelwal
thumbnail
Christoph Rabel, modified 3 Years ago.

RE: SSL Handshake Failure Alert for Liferay6.2 ce ga2

Liferay Legend Posts: 1554 Join Date: 9/24/09 Recent Posts
You can try to enable tls1.2 in Java 7:
https://www.baeldung.com/java-7-tls-v12
But probably you need to do code changes.
In my case that was not an option so I cheated. I placed a reverse proxy between Liferay and the service I needed to call. That way Liferay talks with the proxy and the proxy talks with the service.
Let's say, your forum url is https://discourse.somewhere.com:
1) On the reverse proxy, add a hosts configuration for discourse.somewhere.com
2) Create a self signed certificate for discourse.somewhere.com
3) ProxyPass all requests to "discourse.somewhere.com" to the real discourse.somewhere.com
Test it with curl
4) On the Liferay server, add discourse.somewhere.com to /etc/hosts with the IP of the reverse proxy
5) Trust that certificate in Liferay (import it in a truststore and configure it to use that truststore)
Since the proxy is yours, you can use all ciphers you want, even those old, deprecated ciphers Java 7 needs.
thumbnail
Christoph Rabel, modified 3 Years ago.

RE: SSL Handshake Failure Alert for Liferay6.2 ce ga2

Liferay Legend Posts: 1554 Join Date: 9/24/09 Recent Posts
Oh, and I forgot something important: UPRADE YOUR LIFERAY. Your version is affected by a bad security issue, you should upgrade to the latest version and apply the binary patches!
https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches