SSL handshake error on making REST calls to Marketo instance using Oracle Java 8-191 update

Level 1

SSL handshake error on making REST calls to Marketo instance using Oracle Java 8-191 update

We are making Marketo REST API calls and getting an SSL Handshake error with Oracle Java 8-191 update. In Oracle Java 8-191 update 3DES_EDE_CBC (Configure Oracle 's JDK and JRE Cryptographic Algorithms) has been added to disabled algorithm list. Additionally, due to project need we are not packaging the elliptic curve library in the jre. This is causing an SSL handshake issue while connecting to marketo instance. Can anyone guide through this issue if there is any other library that can be used to solve this problem? Also what are the cipher suites supported by Marketo server?

Tags (1)
3 REPLIES 3
Highlighted

Re: SSL handshake error on making REST calls to Marketo instance using Oracle Java 8-191 update

Additionally, due to project need we are not packaging the elliptic curve library in the jre.

What possible project need could prohibit a library that is essential for its own operation?

Also what are the cipher suites supported by Marketo server?

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)

Can anyone guide through this issue if there is any other library that can be used to solve this problem?

Maybe BouncyCastle, can't imagine why you're putting yourself in this situation though.

Level 1

Re: SSL handshake error on making REST calls to Marketo instance using Oracle Java 8-191 update

Hey thanks for the help!!

But didn't understand one thing; the Marketo supported cipher suites listed above does not include 3DES_EDE_CBC in it. Then how is it working for us without the Oracle Java 8-191 update when 3DES_EDE_CBC was not disabled?

Re: SSL handshake error on making REST calls to Marketo instance using Oracle Java 8-191 update

Obviously I left out the one whose support was removed by Oracle. Those are the remaining supported cipher suites, and they're all EC.

You still haven't explained why you'd be deliberately removing support for more secure suites in your application.