Help save net neutrality! Learn more.
Close

how to force SSLv3 Hello with store.connect?

Help
Anonymous
2012-07-09
2013-06-05
  • Anonymous - 2012-07-09

    I am trying to connect a server with SSLv3 certificate, but the store.connect tries to send a TLSv1 Hello message:

    *** ClientHello, TLSv1
    RandomCookie:  GMT: 1324989259 bytes = { 132, 58, 5, 44, 78, 65, 189, 144, 242, 190, 185, 192, 12, 53, 219, 234, 177, 227, 151, 177, 3, 126, 191, 59, 235, 95, 244, 153 }
    Session ID:  {}
    Cipher Suites:
    Compression Methods:  { 0 }
    ***
    AWT-EventQueue-0, WRITE: TLSv1 Handshake, length = 73
    AWT-EventQueue-0, WRITE: SSLv2 client hello message, length = 98
    AWT-EventQueue-0, received EOFException: error
    AWT-EventQueue-0, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    AWT-EventQueue-0, SEND TLSv1 ALERT:  fatal, description = handshake_failure
    AWT-EventQueue-0, WRITE: TLSv1 Alert, length = 2
    AWT-EventQueue-0, called closeSocket()

    Is there any way to force a SSLv3 Hello connection? I tried the connection with "normal" SSLSocket and it works fine if I set it to SSLv3.

     
  • Anonymous - 2012-07-09

    Dunno why but to force the SSL v3 I had to make a test connection to the server as follows:

    // próba połączenia
    SSLSocket socket;
    try {
    System.out.println("---------TEST---------");
    socket = (SSLSocket) SSLSocketFactory.getDefault().createSocket("server_address", PORT);
    String newProtocols = {"SSLv3"};
    socket.setEnabledProtocols(newProtocols);

                                    // BEGIN IT WOULD NOT WORK WITHOUT IT
    BufferedWriter out = new BufferedWriter(new OutputStreamWriter(socket.getOutputStream()));
    BufferedReader in = new BufferedReader(new InputStreamReader(socket.getInputStream()));
    out.write("GET HTTP/1.0");
    out.flush();
    out.close();
    in.close();
                                    // END IT WOULD NOT WORK WITHOUT IT
    System.out.println("---------/TEST---------");
    } catch (UnknownHostException e1) {
    // TODO Auto-generated catch block
    e1.printStackTrace();
    } catch (IOException e1) {
    // TODO Auto-generated catch block
    e1.printStackTrace();
    }

    and then store.connect uses SSLv3, uff….

     

Log in to post a comment.