HtmlUnit + java: cannot open SSL site. SSLException: Received fatal alert: illegal_parameter

Question

I've had some experience with HtmlUnit (2.18 + openjdk8) on other tasks, but now struggling to even enter one site (it is "RSA security console", I cannot make it public). Real browsers behave differently: IE11 works flawlessly. Chromium doesn't enter it at all (no button "proceed" only message ERR_SSL_PROTOCOL_ERROR).

What I've tried:

System.setProperty("jsse.enableSNIExtension", "false");
System.setProperty("com.sun.net.ssl.enableECC", "false");

right after webClient = new WebClient(BrowserVersion.INTERNET_EXPLORER_11);

all browsers (IE8,IE11,Firefox,Chrome) different combination of listed protocols (and all of them):

System.setProperty("https.protocols", "TLSv1.2,TLSv1,SSLv3,SSLv2Hello");

this option is set

webClient.getOptions().setUseInsecureSSL(true);

But still get the error:

trigger seeding of SecureRandom
done seeding SecureRandom
Allow unsafe renegotiation: false
Allow legacy hello messages: true
Is initial handshake: true
Is secure renegotiation: false
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1.1
Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1.1
%% No cached client session
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1446718649 bytes = { 6, 202, 65, 33, 96, 147, 156, 1, 115, 163, 155, 6, 236, 146, 167, 124, 124, 145, 95, 84, 228, 56, 145, 104, 194, 30, 38, 228 }
Session ID:  {}
Cipher Suites: [TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
main, WRITE: TLSv1.2 Handshake, length = 119
main, READ: SSLv3 Alert, length = 2
main, RECV TLSv1.2 ALERT:  fatal, illegal_parameter
main, called closeSocket()
main, handling exception: javax.net.ssl.SSLException: Received fatal alert: illegal_parameter
loadURL javax.net.ssl.SSLException: Received fatal alert: illegal_parameter

Process finished with exit code 0

Is it possible to set java for a permissive mode? I do not really need encryption at all. The certificate is self-signed.

It is difficult to investigate without access. Can you deploy the certificate to a new Tomcat installation, and provide the steps to reproduce the issue? — Ahmed Ashour, Nov 05 '15 at 15:18
Also, try `-Dsun.security.ssl.allowUnsafeRenegotiation=true` — Ahmed Ashour, Nov 05 '15 at 15:28

HtmlUnit + java: cannot open SSL site. SSLException: Received fatal alert: illegal_parameter

0 Answers0