Research Academy
My account Customers About Blog Careers Legal Contact Resellers
The Burp Suite User Forum was discontinued on the 1st November 2024.

Burp Suite User Forum

For support requests, go to the Support Center. To discuss with other Burp users, head to our Discord page.

SUPPORT CENTER DISCORD

Burp pro v1.7.08 - you have limited key lengths available JCE error

Mithun | Last updated: Oct 19, 2016 08:20AM UTC

Hi, I am running Burp pro v1.7.08. Java version is 1.8.0u112. I am getting the following errors with SSL traffic inspite of installing the JCE unlimited strength jurisdiction policy files for Java 8: Failed to auto-select SSL parameters for <website> You have limited key lengths available. To use stronger keys, please download and install the JCE unlimited strength jurisdiction policy files, from Oracle. javax.net.ssl.SSLException: Received fatal alert: handshake_failure Received fatal alert: handshake_failure I have copied the 2 jar files for the JCE unlimited strength into C:\Program Files\Java\jre1.8.0_112\lib\security and C:\Program Files\Java\jdk1.8.0_112\jre\lib\security. The value of the JAVA_HOME env variable is C:\Program Files\Java\jdk1.8.0_112. How can this error be resolved? FYI, I tried disabling the Java SNI extension and that didn't help either. Thanks

Liam, PortSwigger Agent | Last updated: Oct 19, 2016 01:22PM UTC

HI Mithun Thanks for your message. The error message and rendering issue indicate that your manual installation hasn't been successful. If you can't get Burp to work by installing the JCE unlimited strength jurisdiction policy files or by changing the settings at Options / SSL / SSL Negotiation, then piping the traffic via ZAP is a reasonable solution. ZAP uses the Bouncycastle library for SSL. In practice, this and native Java SSL work better or worse on different target SSL configurations. Please let us know if you need any further assistance.

Burp User | Last updated: Apr 11, 2017 05:40PM UTC

Hi, I'm having this issue as well on both a Windows installation as well as with local JAR files on another machine. I've done the same as Mithun above with the JCE policy files to no avail. Aside from proxying through another tool such as ZAP, what is the solution? Thanks!

Burp User | Last updated: Apr 11, 2017 06:07PM UTC