Intermittent handshake failures with Java 7

Question

Intermittent handshake failures with Java 7

asked Jul 30, 2013 in Java FTP by support2 (163k points)

Apparently there's a bug in Java 7 with DHE ciphers - 1 out of 256 SSL/TLS handshakes fails with DHE cipher suites when Java 7 is used.

The solution is to disable DHE cipher suites in the server or in edtFTPj/PRO.

You can do this by disabling all suites and selectively enabling non-DHE ciphers, e.g.

ftp.disableAllCipherSuites();
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_RSA_WITH_3DES_EDE_CBC_SHA);
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_RSA_WITH_DES_CBC_SHA);
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_RSA_WITH_RC4_128_MD5);
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_RSA_WITH_RC4_128_SHA);
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_RSA_WITH_RC4_128_SHA);
ftp.enableCipherSuites(SSLFTPCipherSuite.TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA);

Note that the DH cipher suites should be ok. Here's a bug report and here's the Oracle bug report.

Intermittent handshake failures with Java 7

Please log in or register to add a comment.

Please log in or register to answer this question.

0 Answers

Categories