Error: "javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake"
2,167 views
Skip to first unread message
Behrooz Aghakhanian
Apr 8, 2015, 12:13:26 PM4/8/15
to zaprox...@googlegroups.com
Hello
I'm using following environment:
- ZAP: D-20150330
- Java: 1.8.0.25
- Browser: Firefox 37.0.1
I'm testing two websites with same content but different SSL protocol stack
1 - TLS 1.2, ECDHE-RSA (authentication), AES_128_GCM-SHA265
2 - TLS 1.2, RSA (authentication), AES_256_CBC-SHA
I get this error: "javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake" when ZAP try to connect to second website. I works fine with the first website.
Same issue with latest stable version of ZAP
kingthorin+owaspzap
Apr 8, 2015, 1:34:23 PM4/8/15
to zaprox...@googlegroups.com
Are you able to connect directly with Firefox?
Matt Seil
Apr 8, 2015, 1:37:20 PM4/8/15
to zaprox...@googlegroups.com
What does ZAP's SSL configs look like? When I've faced this in the past, its because the website was defaulting to SSLv3 (!) and so I had to manually set it to exactly the protocol we needed.
--
You received this message because you are subscribed to the Google Groups "OWASP ZAP User Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to zaproxy-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
Matt Seil
Cyber Security Software Engineer
Member ACM/OWASPCyber Security Software Engineer
Behrooz Aghakhanian
Apr 9, 2015, 4:36:30 AM4/9/15
to zaprox...@googlegroups.com
Yes. I can.
Simon Bennetts
Apr 9, 2015, 4:40:40 AM4/9/15
to zaprox...@googlegroups.com
Does this FAQ help?
https://code.google.com/p/zaproxy/wiki/FAQsslHandshake
https://code.google.com/p/zaproxy/wiki/FAQsslHandshake
Behrooz Aghakhanian
Apr 9, 2015, 5:18:23 AM4/9/15
to zaprox...@googlegroups.com, xeno...@gmail.com
I tried all protocols in "Option -> Local Proxy" but did not solve the issue. Is there anywhere else I need to changes. Meanwhile, I faced this issue by IE and Chrome. I have tried Gatling Stress tool which also act as proxy and perform SSL man in the middle.Same issue was there also. Only Fiddler decrypted the traffic successfully.
Behrooz Aghakhanian
Apr 9, 2015, 5:36:48 AM4/9/15
to zaprox...@googlegroups.com
Thanks. It solved the issue. I downloaded version 8 as I'm using Java 1.8. I should read this FAQ before.
pink_devsec
May 28, 2019, 8:19:46 AM5/28/19
to OWASP ZAP User Group
Hi
I know this is an old thread but I'm having the same issues and the FAQ link that seem to resolve this issue isn't working for me.
"I downloaded version 8", just wondering what was version 8 or how was this resolved?
Thank you.
Peter Hauschulz
May 28, 2019, 8:29:42 AM5/28/19
to OWASP ZAP User Group
Looks like 'version 8' meant Java version 8
You are probably already using that but it's worth a guess, what does 'java --version' show for you?
Do you have the TLS Debug Add-on for ZAP, and what does it show for the URL you are having a problem with?
Does every site have the same problem, or only certain ones?
Also if you are keen to use Wireshark, that could give a lot of information about what is happening during the handshake failure
Reply all
Reply to author
Forward
0 new messages