Why am I getting handshake_failure when I clicking on repository test connection?

Some JDK versions and distributions exclude the permissions to use some cryptographic algorithms or SSL extensions, which could be required for a successful SSL handshake between a client and a server.

We noticed this behavior with the following versions:

  • Oopenjdk-1.8.0.144

  • Openjdk-1.8.0.91

  • Java-1.8.0_121

As mentioned in the JDK 8 readme “due to import control restrictions of some countries, the version of the JCE policy files that are bundled in the Java Runtime Environment, or JRE(TM), 8 environment allow "strong" but limited cryptography to be used”.

To Enable these, do one of the following:

1. For Java version 1.8.0-151 and above it is possible to modify the /usr/lib/jvm/jre-oracle/lib/security/java.security file and set it to allow the unlimited crypto policy as demonstrated below:

crypto.policy=unlimited

2. Download and enable the Java Cryptography Extension (JCE) jar file that allows Unlimited Strength Jurisdiction Policy which contains no restrictions on cryptographic algorithms strength from here