Name is required.
Email address is required.
Invalid email address
Answer is required.
Exceeding max length of 5KB

TLS Problems

Ivan Nicola Biagi Dec 30, 2019 04:22AM UTC

I get on 90% hosts the ssl error for handshake:
java.net.ssl.SSLException: Received fatal alert: hanshake_failure.
I'm using burp with embedded JRE and SNI extensions disabled.
I've also tried to remove TLS 1.3 in list because the host maybe doesn't support it but no luck.
I have latest version of Burp Suite Professional 2.1.07, any advice?
Is this a bug?
Let me know because I need to proceed with my testings and my work at the moment is blocked.
Cheers


Liam Tai-Hogan Dec 30, 2019 01:30PM UTC Support Center agent

Ivan, is the site you are working on publicly accessible? If so, could you email the details to support@portswigger.net.

Alternatively, could you provide screenshots of the error messages?


Ivan Nicola Biagi Dec 30, 2019 10:13PM UTC
Hi, actually during test i've seen that with java 8 the problem doesn't appear. Any ideas why?
I also suggest to use BouncyCastle library as they have much more support for SSL and minor problems.

Hannah Law Jan 02, 2020 01:44PM UTC Support Center agent

Glad to hear you resolved your issue by using a different Java version.

In version 2.1.07, we have improved our SSL/TLS coverage (http://releases.portswigger.net/). This was done by using the BouncyCastle library.


Ivan Nicola Biagi Jan 02, 2020 04:40PM UTC
Yeah, but no luck for other hosts!
That's strange by the way, because with owasp zap i have no problem connecting.
Maybe i've setupped something bad?
Any ideas? Except for SNI disabled and accept invalid SSL certificates (in project options->tls).

Maybe this could be a problem of website's certificate?

Thanks for support!

Ben Wright Jan 03, 2020 08:26AM UTC Support Center agent

Hi Ivan,

Are you able to disclose which sites you are having issues with and are they publicly available so that we can investigate further?

If you would prefer to send us an email with this information then please feel free (you can send this to support@portswigger.net).


Post Your public answer

Your name
Your email address
Answer