SSL Handshake Failure Alert for Liferay6.2 ce ga2
Saurabh Khandelwal, modified 3 Years ago.
New Member Posts: 14 Join Date: 1/18/19
Hello all,
I'm using Liferay 6.2 CE GA2 Framework which is running on JDK7.
While calling Discourse Forum API using Apache httpclient it throws exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure.
I think this is because JDK7 doesn’t implement any GCM cipher suite. And Discourse Forum is configured with SSL Protocol: TLSv1.2 and Strong Cipher Suites: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
How to resolve this issue? Or is there any other way to call Discourse API from Java platform.
Thanks,
Saurabh Khandelwal
Christoph Rabel, modified 3 Years ago.
RE: SSL Handshake Failure Alert for Liferay6.2 ce ga2
Liferay Legend Posts: 1554 Join Date: 9/24/09
You can try to enable tls1.2 in Java 7:
https://www.baeldung.com/java-7-tls-v12
But probably you need to do code changes.
In my case that was not an option so I cheated. I placed a reverse proxy between Liferay and the service I needed to call. That way Liferay talks with the proxy and the proxy talks with the service.
Let's say, your forum url is https://discourse.somewhere.com:
1) On the reverse proxy, add a hosts configuration for discourse.somewhere.com
2) Create a self-signed certificate for discourse.somewhere.com
3) ProxyPass all requests to "discourse.somewhere.com" to the real discourse.somewhere.com
Test it with curl
4) On the Liferay server, add discourse.somewhere.com to /etc/hosts with the IP of the reverse proxy
5) Trust that certificate in Liferay (import it in a truststore and configure it to use that truststore)
Since the proxy is yours, you can use all ciphers you want, even those old, deprecated ciphers Java 7 needs.
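A way to check the diagnosis from inside the same JVM that runs Liferay, as an added example that is not part of the original posts: it reports whether that runtime supports TLSv1.2 and the suite named in the question, lists the suites it can offer (the ones a proxy-side listener would have to accept), and optionally attempts a TLSv1.2 handshake with hostname verification. The class name `TlsClientCheck` and the `host [port]` arguments are assumptions made for this example.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;

public class TlsClientCheck { // hypothetical class name, Java 7 compatible
    // Suite the question says the Discourse server is configured with.
    static final String REQUIRED_SUITE = "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384";

    public static void main(String[] args) throws Exception {
        // Request TLSv1.2 explicitly: Java 7 implements it but does not
        // enable it for client sockets by default.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key/trust managers and SecureRandom

        SSLParameters supported = ctx.getSupportedSSLParameters();
        boolean hasTls12 = Arrays.asList(supported.getProtocols()).contains("TLSv1.2");
        boolean hasSuite = Arrays.asList(supported.getCipherSuites()).contains(REQUIRED_SUITE);

        System.out.println("java.version      : " + System.getProperty("java.version"));
        System.out.println("TLSv1.2 supported : " + hasTls12);
        System.out.println(REQUIRED_SUITE + " supported : " + hasSuite);
        System.out.println("Suites this JVM can offer:");
        for (String suite : supported.getCipherSuites()) {
            System.out.println("  " + suite);
        }

        if (args.length == 0) {
            return; // no host given: report local capabilities only
        }
        String host = args[0];
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;

        SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            SSLParameters params = socket.getSSLParameters();
            params.setProtocols(new String[] {"TLSv1.2"});
            // A raw SSLSocket does not check the hostname unless asked to.
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.startHandshake(); // throws SSLHandshakeException on failure
            System.out.println("Negotiated " + socket.getSession().getProtocol()
                    + " with " + socket.getSession().getCipherSuite());
        } finally {
            socket.close();
        }
    }
}
```

If the suite line prints `false`, enabling TLSv1.2 alone will not make the handshake succeed against a server that accepts only that suite.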
Christoph Rabel, modified 3 Years ago.
RE: SSL Handshake Failure Alert for Liferay6.2 ce ga2
Liferay Legend Posts: 1554 Join Date: 9/24/09
Oh, and I forgot something important: UPGRADE YOUR LIFERAY. Your version is affected by a bad security issue, you should upgrade to the latest version and apply the binary patches!
https://liferay.dev/blogs/-/blogs/creating-liferay-security-binary-patches