You are viewing a plain text version of this content. The canonical link for it is here.
Posted to httpclient-users@hc.apache.org by Robson Roberto Souza Peixoto <ro...@gmail.com> on 2016/04/08 22:16:16 UTC
Trust all certificates
Hi guys,
I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
really in love with HC.
But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure` when I try to access a page with a invalid
Certificate.
I googled a lot and tried all solutions, but no one worked.
Here a gist with my last try:
https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
Are there a easy solution to trust all certificates of all hosts with HC?
Thanks
--
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto
Re: Trust all certificates
Posted by Nick Chang <ni...@edge-technologies.com>.
Hello,
Have you tried the code suggested in this link?
http://stackoverflow.com/questions/2642777/trusting-all-certificates-using-httpclient-over-https
Nick
On Fri, Apr 8, 2016 at 9:29 PM, Bernd Eckenfels <ec...@zusammenkunft.net>
wrote:
> Hello,
>
> I suspect it is a problem with too short DH keys offered by Java 7
> clients. You can try to turn TLS_DHE_* ciphers off.
>
> According to SSL Labs it does also support ECDHE which should then work
> fine.
>
>
> https://www.ssllabs.com/ssltest/analyze.html?d=www.trf5.jus.br&s=189.39.123.181&latest
>
> Gruss
> Bernd
>
>
>
> Am Fri, 08 Apr 2016 23:29:42 +0000
> schrieb Robson Roberto Souza Peixoto <ro...@gmail.com>:
>
> > It's work well on java 8, but not on java 7 =/
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
>
Re: Trust all certificates
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
Hello,
I suspect it is a problem with too short DH keys offered by Java 7
clients. You can try to turn TLS_DHE_* ciphers off.
According to SSL Labs it does also support ECDHE which should then work
fine.
https://www.ssllabs.com/ssltest/analyze.html?d=www.trf5.jus.br&s=189.39.123.181&latest
Gruss
Bernd
Am Fri, 08 Apr 2016 23:29:42 +0000
schrieb Robson Roberto Souza Peixoto <ro...@gmail.com>:
> It's work well on java 8, but not on java 7 =/
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trust all certificates
Posted by Robson Roberto Souza Peixoto <ro...@gmail.com>.
Thanks all for the attention.
The AES_128_GCM was implemented only on java 8.
The list of ciphers and the jvm version are here:
http://docs.oracle.com/javase/8/docs/technotes/guides/security/SunProviders.html#SupportedCipherSuites
I have upgraded to java8 and everything are working like charm.
Again, Thanks a lot!
On Sat, Apr 9, 2016 at 8:01 AM R Smith <ry...@gmail.com> wrote:
> FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a
> "TrustAllTrustStrategy" class and I use this for handling SSL certs.
>
> import java.security.cert.CertificateException;
> import java.security.cert.X509Certificate;
>
> import org.apache.http.conn.ssl.TrustStrategy;
> /**
> * When you want to accept all ssl certs, even ones that are not trusted,
> use this class implementation of the trust strategy.
> */
> public class TrustAllTrustStrategy implements TrustStrategy {
> @Override
> public boolean isTrusted(X509Certificate[] chain, String authType) throws
> CertificateException {
> return true; // trust everything like the class name says.
> }
> }
>
> When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
> TrustStrategy.
>
> hth, -Ryan
>
> On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <pu...@georgetown.edu>
> wrote:
>
> > You can set the JSSE system property javax.net.debug to get a lot of
> > debug output. It will probably tell you why the handshake fails. Try
> > "javax.net.debug=ssl" or "javax.net.debug=all" . You can see all the
> > options for that here:
> >
> >
> >
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
> >
> > The output goes to stdout (or stderr, can't remember which).
> >
> >
> >
> > On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > > Thanks a lot, Sam Wilson.
> > > I'll read it.
> > >
> > > It's work well on java 8, but not on java 7 =/
> > > From Google Chrome:
> > > ```
> > > Your connection to www.trf5.jus.br is encrypted using a modern cipher
> > suite.
> > > The connection uses TLS 1.2.
> > > The connection is encrypted and authenticated using AES_128_GCM and
> uses
> > > ECDHE_RSA as the key exchange mechanism.
> > > ```
> > >
> > > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <te...@hotmail.com>
> > wrote:
> > >
> > >> There are quite a few documents out there that go over SSL/TLS. Really
> > >> depends on what you need to know. Wikipedia might be a good place to
> > >> start, and there's always google to find out more. I seem to remember
> > >> Mozilla had some decent high level documentation, but I think they've
> > >> marked it as out of date.
> > >>
> > >> What's happening right now is that you can't complete the SSL
> handshake
> > >> for some reason. StackOverflow has a post about someone having a
> similar
> > >> problem: http://stackoverflow.com/a/6353956
> > >>
> > >> Hope that helps,
> > >> Sam
> > >>
> > >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > >>> I'm a complete noob. Are there resources to help-me understand the
> > >> problem.
> > >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com>
> > >> wrote:
> > >>>> You can only turn off as much SSL validation as you control. The
> > server
> > >>>> may also terminate a connection (say, for instance, it requires a
> > client
> > >>>> SSL certificate.)
> > >>>>
> > >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > >>>>> But are there a way to disable the `SSL Verification`?
> > >>>>>
> > >>>>> I just wanna to ignore all SSL Verification.
> > >>>>>
> > >>>>> Thanks
> > >>>>>
> > >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <
> > ecki@zusammenkunft.net
> > >>>>> wrote:
> > >>>>>
> > >>>>>> The exception you are showing means the server terminated the
> > >> handshake
> > >>>>>> for some reason. Hard to say why. It might require a client cert
> or
> > >> does
> > >>>>>> not like yout proposed ciphers or ssl protocols.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> This particular exception seems not related to untrusted
> > certificates,
> > >>>>>> your different approaches are both valid to accept all certs (ad
> > long
> > >>>> as it
> > >>>>>> understands a common cipher and certificate type)
> > >>>>>>
> > >>>>>>
> > >>>>>> Gruss
> > >>>>>> Bernd
> > >>>>>> --
> > >>>>>> http://bernd.eckenfels.net
> > >>>>>> From Win 10 Mobile
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
> > >>>>>> *Gesendet: *Freitag, 8. April 2016 22:16
> > >>>>>> *An: *httpclient-users@hc.apache.org
> > >>>>>> *Betreff: *Trust all certificates
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> Hi guys,
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a
> > >>>> charm. I
> > >>>>>> really in love with HC.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> > >> Received
> > >>>>>> fatal alert: handshake_failure` when I try to access a page with a
> > >>>> invalid
> > >>>>>> Certificate.
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>>> I googled a lot and tried all solutions, but no one worked.
> > >>>>>>
> > >>>>>> Here a gist with my last try:
> > >>>>>>
> > >>>>>>
> > >>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> > >>>>>>
> > >>>>>>
> > >>>>>> Are there a easy solution to trust all certificates of all hosts
> > with
> > >>>> HC?
> > >>>>>>
> > >>>>>> Thanks
> > >>>>>>
> > >>>>>> --
> > >>>>>>
> > >>>>>> Robson Roberto Souza Peixoto
> > >>>>>>
> > >>>>>> Robinho
> > >>>>>>
> > >>>>>> Master in Computer Science, University of Campinas
> > >>>>>>
> > >>>>>> IRC: robsonpeixoto
> > >>>>>>
> > >>>>>> Twitter: http://twitter.com/robinhopeixoto
> > >>>>>>
> > >>>>>> github: https://github.com/robsonpeixoto
> > >>>>>>
> > >>>>>>
> > >>>>>>
> > >>>>
> ---------------------------------------------------------------------
> > >>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > >>>> For additional commands, e-mail:
> httpclient-users-help@hc.apache.org
> > >>>>
> > >>>> --
> > >>> Robson Roberto Souza Peixoto
> > >>> Robinho
> > >>> Master in Computer Science, University of Campinas
> > >>> IRC: robsonpeixoto
> > >>> Twitter: http://twitter.com/robinhopeixoto
> > >>> github: https://github.com/robsonpeixoto
> > >>>
> > >>
> > >> ---------------------------------------------------------------------
> > >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> > >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> > >>
> > >> --
> > > Robson Roberto Souza Peixoto
> > > Robinho
> > > Master in Computer Science, University of Campinas
> > > IRC: robsonpeixoto
> > > Twitter: http://twitter.com/robinhopeixoto
> > > github: https://github.com/robsonpeixoto
> > >
> >
> >
>
--
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto
Re: Trust all certificates
Posted by R Smith <ry...@gmail.com>.
FWIW, In httpclient 4.3.x, I extend the TrustStrategy class to create a
"TrustAllTrustStrategy" class and I use this for handling SSL certs.
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import org.apache.http.conn.ssl.TrustStrategy;
/**
* When you want to accept all ssl certs, even ones that are not trusted,
use this class implementation of the trust strategy.
*/
public class TrustAllTrustStrategy implements TrustStrategy {
@Override
public boolean isTrusted(X509Certificate[] chain, String authType) throws
CertificateException {
return true; // trust everything like the class name says.
}
}
When instantiating the HttpClient class, I set TrustAllTrustStrategy as the
TrustStrategy.
hth, -Ryan
On Sat, Apr 9, 2016 at 12:06 AM, Brent Putman <pu...@georgetown.edu>
wrote:
> You can set the JSSE system property javax.net.debug to get a lot of
> debug output. It will probably tell you why the handshake fails. Try
> "javax.net.debug=ssl" or "javax.net.debug=all" . You can see all the
> options for that here:
>
>
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
>
> The output goes to stdout (or stderr, can't remember which).
>
>
>
> On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> > Thanks a lot, Sam Wilson.
> > I'll read it.
> >
> > It's work well on java 8, but not on java 7 =/
> > From Google Chrome:
> > ```
> > Your connection to www.trf5.jus.br is encrypted using a modern cipher
> suite.
> > The connection uses TLS 1.2.
> > The connection is encrypted and authenticated using AES_128_GCM and uses
> > ECDHE_RSA as the key exchange mechanism.
> > ```
> >
> > On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <te...@hotmail.com>
> wrote:
> >
> >> There are quite a few documents out there that go over SSL/TLS. Really
> >> depends on what you need to know. Wikipedia might be a good place to
> >> start, and there's always google to find out more. I seem to remember
> >> Mozilla had some decent high level documentation, but I think they've
> >> marked it as out of date.
> >>
> >> What's happening right now is that you can't complete the SSL handshake
> >> for some reason. StackOverflow has a post about someone having a similar
> >> problem: http://stackoverflow.com/a/6353956
> >>
> >> Hope that helps,
> >> Sam
> >>
> >> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> >>> I'm a complete noob. Are there resources to help-me understand the
> >> problem.
> >>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com>
> >> wrote:
> >>>> You can only turn off as much SSL validation as you control. The
> server
> >>>> may also terminate a connection (say, for instance, it requires a
> client
> >>>> SSL certificate.)
> >>>>
> >>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>>>> But are there a way to disable the `SSL Verification`?
> >>>>>
> >>>>> I just wanna to ignore all SSL Verification.
> >>>>>
> >>>>> Thanks
> >>>>>
> >>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <
> ecki@zusammenkunft.net
> >>>>> wrote:
> >>>>>
> >>>>>> The exception you are showing means the server terminated the
> >> handshake
> >>>>>> for some reason. Hard to say why. It might require a client cert or
> >> does
> >>>>>> not like yout proposed ciphers or ssl protocols.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> This particular exception seems not related to untrusted
> certificates,
> >>>>>> your different approaches are both valid to accept all certs (ad
> long
> >>>> as it
> >>>>>> understands a common cipher and certificate type)
> >>>>>>
> >>>>>>
> >>>>>> Gruss
> >>>>>> Bernd
> >>>>>> --
> >>>>>> http://bernd.eckenfels.net
> >>>>>> From Win 10 Mobile
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
> >>>>>> *Gesendet: *Freitag, 8. April 2016 22:16
> >>>>>> *An: *httpclient-users@hc.apache.org
> >>>>>> *Betreff: *Trust all certificates
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> Hi guys,
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a
> >>>> charm. I
> >>>>>> really in love with HC.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> >> Received
> >>>>>> fatal alert: handshake_failure` when I try to access a page with a
> >>>> invalid
> >>>>>> Certificate.
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>> I googled a lot and tried all solutions, but no one worked.
> >>>>>>
> >>>>>> Here a gist with my last try:
> >>>>>>
> >>>>>>
> >> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>>>>>
> >>>>>>
> >>>>>> Are there a easy solution to trust all certificates of all hosts
> with
> >>>> HC?
> >>>>>>
> >>>>>> Thanks
> >>>>>>
> >>>>>> --
> >>>>>>
> >>>>>> Robson Roberto Souza Peixoto
> >>>>>>
> >>>>>> Robinho
> >>>>>>
> >>>>>> Master in Computer Science, University of Campinas
> >>>>>>
> >>>>>> IRC: robsonpeixoto
> >>>>>>
> >>>>>> Twitter: http://twitter.com/robinhopeixoto
> >>>>>>
> >>>>>> github: https://github.com/robsonpeixoto
> >>>>>>
> >>>>>>
> >>>>>>
> >>>> ---------------------------------------------------------------------
> >>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>>>
> >>>> --
> >>> Robson Roberto Souza Peixoto
> >>> Robinho
> >>> Master in Computer Science, University of Campinas
> >>> IRC: robsonpeixoto
> >>> Twitter: http://twitter.com/robinhopeixoto
> >>> github: https://github.com/robsonpeixoto
> >>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >> --
> > Robson Roberto Souza Peixoto
> > Robinho
> > Master in Computer Science, University of Campinas
> > IRC: robsonpeixoto
> > Twitter: http://twitter.com/robinhopeixoto
> > github: https://github.com/robsonpeixoto
> >
>
>
Re: Trust all certificates
Posted by Brent Putman <pu...@georgetown.edu>.
You can set the JSSE system property javax.net.debug to get a lot of
debug output. It will probably tell you why the handshake fails. Try
"javax.net.debug=ssl" or "javax.net.debug=all" . You can see all the
options for that here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#Debug
The output goes to stdout (or stderr, can't remember which).
On 4/8/16 7:29 PM, Robson Roberto Souza Peixoto wrote:
> Thanks a lot, Sam Wilson.
> I'll read it.
>
> It's work well on java 8, but not on java 7 =/
> From Google Chrome:
> ```
> Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
> The connection uses TLS 1.2.
> The connection is encrypted and authenticated using AES_128_GCM and uses
> ECDHE_RSA as the key exchange mechanism.
> ```
>
> On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <te...@hotmail.com> wrote:
>
>> There are quite a few documents out there that go over SSL/TLS. Really
>> depends on what you need to know. Wikipedia might be a good place to
>> start, and there's always google to find out more. I seem to remember
>> Mozilla had some decent high level documentation, but I think they've
>> marked it as out of date.
>>
>> What's happening right now is that you can't complete the SSL handshake
>> for some reason. StackOverflow has a post about someone having a similar
>> problem: http://stackoverflow.com/a/6353956
>>
>> Hope that helps,
>> Sam
>>
>> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
>>> I'm a complete noob. Are there resources to help-me understand the
>> problem.
>>> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com>
>> wrote:
>>>> You can only turn off as much SSL validation as you control. The server
>>>> may also terminate a connection (say, for instance, it requires a client
>>>> SSL certificate.)
>>>>
>>>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
>>>>> But are there a way to disable the `SSL Verification`?
>>>>>
>>>>> I just wanna to ignore all SSL Verification.
>>>>>
>>>>> Thanks
>>>>>
>>>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ecki@zusammenkunft.net
>>>>> wrote:
>>>>>
>>>>>> The exception you are showing means the server terminated the
>> handshake
>>>>>> for some reason. Hard to say why. It might require a client cert or
>> does
>>>>>> not like yout proposed ciphers or ssl protocols.
>>>>>>
>>>>>>
>>>>>>
>>>>>> This particular exception seems not related to untrusted certificates,
>>>>>> your different approaches are both valid to accept all certs (ad long
>>>> as it
>>>>>> understands a common cipher and certificate type)
>>>>>>
>>>>>>
>>>>>> Gruss
>>>>>> Bernd
>>>>>> --
>>>>>> http://bernd.eckenfels.net
>>>>>> From Win 10 Mobile
>>>>>>
>>>>>>
>>>>>>
>>>>>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
>>>>>> *Gesendet: *Freitag, 8. April 2016 22:16
>>>>>> *An: *httpclient-users@hc.apache.org
>>>>>> *Betreff: *Trust all certificates
>>>>>>
>>>>>>
>>>>>>
>>>>>> Hi guys,
>>>>>>
>>>>>>
>>>>>>
>>>>>> I'm using the HC to crawler a lot of sites =D. It's working like a
>>>> charm. I
>>>>>> really in love with HC.
>>>>>>
>>>>>>
>>>>>>
>>>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
>> Received
>>>>>> fatal alert: handshake_failure` when I try to access a page with a
>>>> invalid
>>>>>> Certificate.
>>>>>>
>>>>>>
>>>>>>
>>>>>> I googled a lot and tried all solutions, but no one worked.
>>>>>>
>>>>>> Here a gist with my last try:
>>>>>>
>>>>>>
>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>>>>>>
>>>>>>
>>>>>> Are there a easy solution to trust all certificates of all hosts with
>>>> HC?
>>>>>>
>>>>>> Thanks
>>>>>>
>>>>>> --
>>>>>>
>>>>>> Robson Roberto Souza Peixoto
>>>>>>
>>>>>> Robinho
>>>>>>
>>>>>> Master in Computer Science, University of Campinas
>>>>>>
>>>>>> IRC: robsonpeixoto
>>>>>>
>>>>>> Twitter: http://twitter.com/robinhopeixoto
>>>>>>
>>>>>> github: https://github.com/robsonpeixoto
>>>>>>
>>>>>>
>>>>>>
>>>> ---------------------------------------------------------------------
>>>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>>>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>>>
>>>> --
>>> Robson Roberto Souza Peixoto
>>> Robinho
>>> Master in Computer Science, University of Campinas
>>> IRC: robsonpeixoto
>>> Twitter: http://twitter.com/robinhopeixoto
>>> github: https://github.com/robsonpeixoto
>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>> --
> Robson Roberto Souza Peixoto
> Robinho
> Master in Computer Science, University of Campinas
> IRC: robsonpeixoto
> Twitter: http://twitter.com/robinhopeixoto
> github: https://github.com/robsonpeixoto
>
Re: Trust all certificates
Posted by Robson Roberto Souza Peixoto <ro...@gmail.com>.
Thanks a lot, Sam Wilson.
I'll read it.
It's work well on java 8, but not on java 7 =/
>From Google Chrome:
```
Your connection to www.trf5.jus.br is encrypted using a modern cipher suite.
The connection uses TLS 1.2.
The connection is encrypted and authenticated using AES_128_GCM and uses
ECDHE_RSA as the key exchange mechanism.
```
On Fri, Apr 8, 2016 at 7:23 PM Sam Wilson <te...@hotmail.com> wrote:
> There are quite a few documents out there that go over SSL/TLS. Really
> depends on what you need to know. Wikipedia might be a good place to
> start, and there's always google to find out more. I seem to remember
> Mozilla had some decent high level documentation, but I think they've
> marked it as out of date.
>
> What's happening right now is that you can't complete the SSL handshake
> for some reason. StackOverflow has a post about someone having a similar
> problem: http://stackoverflow.com/a/6353956
>
> Hope that helps,
> Sam
>
> On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> > I'm a complete noob. Are there resources to help-me understand the
> problem.
> >
> > On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com>
> wrote:
> >
> >> You can only turn off as much SSL validation as you control. The server
> >> may also terminate a connection (say, for instance, it requires a client
> >> SSL certificate.)
> >>
> >> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> >>> But are there a way to disable the `SSL Verification`?
> >>>
> >>> I just wanna to ignore all SSL Verification.
> >>>
> >>> Thanks
> >>>
> >>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ecki@zusammenkunft.net
> >
> >>> wrote:
> >>>
> >>>> The exception you are showing means the server terminated the
> handshake
> >>>> for some reason. Hard to say why. It might require a client cert or
> does
> >>>> not like yout proposed ciphers or ssl protocols.
> >>>>
> >>>>
> >>>>
> >>>> This particular exception seems not related to untrusted certificates,
> >>>> your different approaches are both valid to accept all certs (ad long
> >> as it
> >>>> understands a common cipher and certificate type)
> >>>>
> >>>>
> >>>> Gruss
> >>>> Bernd
> >>>> --
> >>>> http://bernd.eckenfels.net
> >>>> From Win 10 Mobile
> >>>>
> >>>>
> >>>>
> >>>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
> >>>> *Gesendet: *Freitag, 8. April 2016 22:16
> >>>> *An: *httpclient-users@hc.apache.org
> >>>> *Betreff: *Trust all certificates
> >>>>
> >>>>
> >>>>
> >>>> Hi guys,
> >>>>
> >>>>
> >>>>
> >>>> I'm using the HC to crawler a lot of sites =D. It's working like a
> >> charm. I
> >>>> really in love with HC.
> >>>>
> >>>>
> >>>>
> >>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException:
> Received
> >>>>
> >>>> fatal alert: handshake_failure` when I try to access a page with a
> >> invalid
> >>>> Certificate.
> >>>>
> >>>>
> >>>>
> >>>> I googled a lot and tried all solutions, but no one worked.
> >>>>
> >>>> Here a gist with my last try:
> >>>>
> >>>>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>>>
> >>>>
> >>>>
> >>>> Are there a easy solution to trust all certificates of all hosts with
> >> HC?
> >>>>
> >>>>
> >>>> Thanks
> >>>>
> >>>> --
> >>>>
> >>>> Robson Roberto Souza Peixoto
> >>>>
> >>>> Robinho
> >>>>
> >>>> Master in Computer Science, University of Campinas
> >>>>
> >>>> IRC: robsonpeixoto
> >>>>
> >>>> Twitter: http://twitter.com/robinhopeixoto
> >>>>
> >>>> github: https://github.com/robsonpeixoto
> >>>>
> >>>>
> >>>>
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> >> For additional commands, e-mail: httpclient-users-help@hc.apache.org
> >>
> >> --
> > Robson Roberto Souza Peixoto
> > Robinho
> > Master in Computer Science, University of Campinas
> > IRC: robsonpeixoto
> > Twitter: http://twitter.com/robinhopeixoto
> > github: https://github.com/robsonpeixoto
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
> --
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto
Re: Trust all certificates
Posted by Sam Wilson <te...@hotmail.com>.
There are quite a few documents out there that go over SSL/TLS. Really
depends on what you need to know. Wikipedia might be a good place to
start, and there's always google to find out more. I seem to remember
Mozilla had some decent high level documentation, but I think they've
marked it as out of date.
What's happening right now is that you can't complete the SSL handshake
for some reason. StackOverflow has a post about someone having a similar
problem: http://stackoverflow.com/a/6353956
Hope that helps,
Sam
On 4/8/16 5:22 PM, Robson Roberto Souza Peixoto wrote:
> I'm a complete noob. Are there resources to help-me understand the problem.
>
> On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com> wrote:
>
>> You can only turn off as much SSL validation as you control. The server
>> may also terminate a connection (say, for instance, it requires a client
>> SSL certificate.)
>>
>> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
>>> But are there a way to disable the `SSL Verification`?
>>>
>>> I just wanna to ignore all SSL Verification.
>>>
>>> Thanks
>>>
>>> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ec...@zusammenkunft.net>
>>> wrote:
>>>
>>>> The exception you are showing means the server terminated the handshake
>>>> for some reason. Hard to say why. It might require a client cert or does
>>>> not like yout proposed ciphers or ssl protocols.
>>>>
>>>>
>>>>
>>>> This particular exception seems not related to untrusted certificates,
>>>> your different approaches are both valid to accept all certs (ad long
>> as it
>>>> understands a common cipher and certificate type)
>>>>
>>>>
>>>> Gruss
>>>> Bernd
>>>> --
>>>> http://bernd.eckenfels.net
>>>> From Win 10 Mobile
>>>>
>>>>
>>>>
>>>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
>>>> *Gesendet: *Freitag, 8. April 2016 22:16
>>>> *An: *httpclient-users@hc.apache.org
>>>> *Betreff: *Trust all certificates
>>>>
>>>>
>>>>
>>>> Hi guys,
>>>>
>>>>
>>>>
>>>> I'm using the HC to crawler a lot of sites =D. It's working like a
>> charm. I
>>>> really in love with HC.
>>>>
>>>>
>>>>
>>>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
>>>>
>>>> fatal alert: handshake_failure` when I try to access a page with a
>> invalid
>>>> Certificate.
>>>>
>>>>
>>>>
>>>> I googled a lot and tried all solutions, but no one worked.
>>>>
>>>> Here a gist with my last try:
>>>>
>>>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>>>>
>>>>
>>>>
>>>> Are there a easy solution to trust all certificates of all hosts with
>> HC?
>>>>
>>>>
>>>> Thanks
>>>>
>>>> --
>>>>
>>>> Robson Roberto Souza Peixoto
>>>>
>>>> Robinho
>>>>
>>>> Master in Computer Science, University of Campinas
>>>>
>>>> IRC: robsonpeixoto
>>>>
>>>> Twitter: http://twitter.com/robinhopeixoto
>>>>
>>>> github: https://github.com/robsonpeixoto
>>>>
>>>>
>>>>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
>> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>>
>> --
> Robson Roberto Souza Peixoto
> Robinho
> Master in Computer Science, University of Campinas
> IRC: robsonpeixoto
> Twitter: http://twitter.com/robinhopeixoto
> github: https://github.com/robsonpeixoto
>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trust all certificates
Posted by Robson Roberto Souza Peixoto <ro...@gmail.com>.
I'm a complete noob. Are there resources to help-me understand the problem.
On Fri, Apr 8, 2016 at 6:16 PM Sam Wilson <te...@hotmail.com> wrote:
> You can only turn off as much SSL validation as you control. The server
> may also terminate a connection (say, for instance, it requires a client
> SSL certificate.)
>
> On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> > But are there a way to disable the `SSL Verification`?
> >
> > I just wanna to ignore all SSL Verification.
> >
> > Thanks
> >
> > On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ec...@zusammenkunft.net>
> > wrote:
> >
> >> The exception you are showing means the server terminated the handshake
> >> for some reason. Hard to say why. It might require a client cert or does
> >> not like yout proposed ciphers or ssl protocols.
> >>
> >>
> >>
> >> This particular exception seems not related to untrusted certificates,
> >> your different approaches are both valid to accept all certs (ad long
> as it
> >> understands a common cipher and certificate type)
> >>
> >>
> >> Gruss
> >> Bernd
> >> --
> >> http://bernd.eckenfels.net
> >> From Win 10 Mobile
> >>
> >>
> >>
> >> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
> >> *Gesendet: *Freitag, 8. April 2016 22:16
> >> *An: *httpclient-users@hc.apache.org
> >> *Betreff: *Trust all certificates
> >>
> >>
> >>
> >> Hi guys,
> >>
> >>
> >>
> >> I'm using the HC to crawler a lot of sites =D. It's working like a
> charm. I
> >>
> >> really in love with HC.
> >>
> >>
> >>
> >> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
> >>
> >> fatal alert: handshake_failure` when I try to access a page with a
> invalid
> >>
> >> Certificate.
> >>
> >>
> >>
> >> I googled a lot and tried all solutions, but no one worked.
> >>
> >> Here a gist with my last try:
> >>
> >> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
> >>
> >>
> >>
> >> Are there a easy solution to trust all certificates of all hosts with
> HC?
> >>
> >>
> >>
> >> Thanks
> >>
> >> --
> >>
> >> Robson Roberto Souza Peixoto
> >>
> >> Robinho
> >>
> >> Master in Computer Science, University of Campinas
> >>
> >> IRC: robsonpeixoto
> >>
> >> Twitter: http://twitter.com/robinhopeixoto
> >>
> >> github: https://github.com/robsonpeixoto
> >>
> >>
> >>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
> For additional commands, e-mail: httpclient-users-help@hc.apache.org
>
> --
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto
Re: Trust all certificates
Posted by Sam Wilson <te...@hotmail.com>.
You can only turn off as much SSL validation as you control. The server
may also terminate a connection (say, for instance, it requires a client
SSL certificate.)
On 4/8/16 4:53 PM, Robson Roberto Souza Peixoto wrote:
> But are there a way to disable the `SSL Verification`?
>
> I just wanna to ignore all SSL Verification.
>
> Thanks
>
> On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ec...@zusammenkunft.net>
> wrote:
>
>> The exception you are showing means the server terminated the handshake
>> for some reason. Hard to say why. It might require a client cert or does
>> not like yout proposed ciphers or ssl protocols.
>>
>>
>>
>> This particular exception seems not related to untrusted certificates,
>> your different approaches are both valid to accept all certs (ad long as it
>> understands a common cipher and certificate type)
>>
>>
>> Gruss
>> Bernd
>> --
>> http://bernd.eckenfels.net
>> From Win 10 Mobile
>>
>>
>>
>> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
>> *Gesendet: *Freitag, 8. April 2016 22:16
>> *An: *httpclient-users@hc.apache.org
>> *Betreff: *Trust all certificates
>>
>>
>>
>> Hi guys,
>>
>>
>>
>> I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
>>
>> really in love with HC.
>>
>>
>>
>> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
>>
>> fatal alert: handshake_failure` when I try to access a page with a invalid
>>
>> Certificate.
>>
>>
>>
>> I googled a lot and tried all solutions, but no one worked.
>>
>> Here a gist with my last try:
>>
>> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>>
>>
>>
>> Are there a easy solution to trust all certificates of all hosts with HC?
>>
>>
>>
>> Thanks
>>
>> --
>>
>> Robson Roberto Souza Peixoto
>>
>> Robinho
>>
>> Master in Computer Science, University of Campinas
>>
>> IRC: robsonpeixoto
>>
>> Twitter: http://twitter.com/robinhopeixoto
>>
>> github: https://github.com/robsonpeixoto
>>
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: httpclient-users-unsubscribe@hc.apache.org
For additional commands, e-mail: httpclient-users-help@hc.apache.org
Re: Trust all certificates
Posted by Robson Roberto Souza Peixoto <ro...@gmail.com>.
But are there a way to disable the `SSL Verification`?
I just wanna to ignore all SSL Verification.
Thanks
On Fri, Apr 8, 2016 at 5:26 PM Bernd Eckenfels <ec...@zusammenkunft.net>
wrote:
> The exception you are showing means the server terminated the handshake
> for some reason. Hard to say why. It might require a client cert or does
> not like yout proposed ciphers or ssl protocols.
>
>
>
> This particular exception seems not related to untrusted certificates,
> your different approaches are both valid to accept all certs (ad long as it
> understands a common cipher and certificate type)
>
>
> Gruss
> Bernd
> --
> http://bernd.eckenfels.net
> From Win 10 Mobile
>
>
>
> *Von: *Robson Roberto Souza Peixoto <ro...@gmail.com>
> *Gesendet: *Freitag, 8. April 2016 22:16
> *An: *httpclient-users@hc.apache.org
> *Betreff: *Trust all certificates
>
>
>
> Hi guys,
>
>
>
> I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
>
> really in love with HC.
>
>
>
> But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
>
> fatal alert: handshake_failure` when I try to access a page with a invalid
>
> Certificate.
>
>
>
> I googled a lot and tried all solutions, but no one worked.
>
> Here a gist with my last try:
>
> https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
>
>
>
> Are there a easy solution to trust all certificates of all hosts with HC?
>
>
>
> Thanks
>
> --
>
> Robson Roberto Souza Peixoto
>
> Robinho
>
> Master in Computer Science, University of Campinas
>
> IRC: robsonpeixoto
>
> Twitter: http://twitter.com/robinhopeixoto
>
> github: https://github.com/robsonpeixoto
>
>
>
--
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto
Re: Trust all certificates
Posted by Bernd Eckenfels <ec...@zusammenkunft.net>.
The exception you are showing means the server terminated the handshake for some reason. Hard to say why. It might require a client cert or does not like yout proposed ciphers or ssl protocols.
This particular exception seems not related to untrusted certificates, your different approaches are both valid to accept all certs (ad long as it understands a common cipher and certificate type)
Gruss
Bernd
--
http://bernd.eckenfels.net
>From Win 10 Mobile
Von: Robson Roberto Souza Peixoto
Gesendet: Freitag, 8. April 2016 22:16
An: httpclient-users@hc.apache.org
Betreff: Trust all certificates
Hi guys,
I'm using the HC to crawler a lot of sites =D. It's working like a charm. I
really in love with HC.
But I'm getting the error `javax.net.ssl.SSLHandshakeException: Received
fatal alert: handshake_failure` when I try to access a page with a invalid
Certificate.
I googled a lot and tried all solutions, but no one worked.
Here a gist with my last try:
https://gist.github.com/robsonpeixoto/07c0409e20a1332c586585fcd1e3db25
Are there a easy solution to trust all certificates of all hosts with HC?
Thanks
--
Robson Roberto Souza Peixoto
Robinho
Master in Computer Science, University of Campinas
IRC: robsonpeixoto
Twitter: http://twitter.com/robinhopeixoto
github: https://github.com/robsonpeixoto