-
-
Notifications
You must be signed in to change notification settings - Fork 61
SSL Handshake Failures
hrj edited this page Dec 24, 2014
·
2 revisions
There are currently two issues when navigating to HTTPS web-sites.
- SSL Handshake fails for servers that use only strong ciphers
- SSL Handshake fails for almost all https URLs on MacOSX
The first issue is caused by a crippled policy in Oracle JVM builds, and in Zulu builds. To comply with import laws of different countries, the key length of the ciphers available in the JVM is restricted to 128-bit. The user needs to install the JCE Unlimited Jurisdiction Policy manually.
OpenJDK builds in Debian / Ubuntu don't suffer from this limitation.
This is inconvenient to say the least. We are working on this in two ways:
- Trying to rewrite our code to be Java 7 compliant. Since OpenJDK-7 builds are more readily available, this will mitigate the problem a bit.
- Contacting vendors of JREs to reduce the pain at the source. For example, they could bundle the unlimited JCE jars along with appropriate notices.
We are currently not sure about the root cause of the second issue, but it is perhaps related to the first one.