15 years ago
SSL Handshake Exception Error
I've been running into a problem very similar, if not identical, to the ones documented in these threads:
http://www.eviware.com/forum/viewtopic.php?f=5&t=2533&hilit=ssl+handshake+error
http://www.eviware.com/forum/viewtopic.php?f=5&t=5058&hilit=ssl+handshake+error
It happens with SoapUI (community version) version 3.0 and higher with JRE 6 up to update 22 (i.e., the latest one to date). It does *not* happen with SoapUI v2.5.1 regardless of the JRE version. The web service app. runs on Websphere 6.1 with IBM HTTP Server 6.1 and the packaged mod_ibm_ssl using a self-signed SSL cert. No settings of allowLegacyHelloMessages and allowUnsafeRenegotiation help, and neither does adding the self-signed SSL cert. to the JRE's cacerts keystore nor forcing an HTTP close after every request.
A couple of other things to notice: the SSL handshake error happens only when a cached SSL session is used. Moreover, it doesn't *appear* to occur when the server uses a CA-signed cert. (i.e., as opposed to a self-signed cert.). However, I haven't done an extensive enough testing to be absolutely certain of this.
In any case, digging into the code a little I see that the error happens whenever a cached session is used and the setEnabledCipherSuites() method is called on the reused socket in SoapUIEasySSLProtocolSocketFactory.java. That bit of code doesn't exist in 2.5.1. As a proof, if I use the older version class in the 3.6.1 code base and recompile, the problem disappears. So, as a crude fix/workaround I just inserted this line at the beginning of the enableSocket() method to invalidate the SSL session:
I'm sure that's not the best fix for this problem. May be only do that as a retry in case of an SSL handshake error or only set the enabled cipher suites if it's not using a cached session. But, hopefully it's still of help to someone facing a similar problem in the meantime.
FWIW. Thanks.
http://www.eviware.com/forum/viewtopic.php?f=5&t=2533&hilit=ssl+handshake+error
http://www.eviware.com/forum/viewtopic.php?f=5&t=5058&hilit=ssl+handshake+error
It happens with SoapUI (community version) version 3.0 and higher with JRE 6 up to update 22 (i.e., the latest one to date). It does *not* happen with SoapUI v2.5.1 regardless of the JRE version. The web service app. runs on Websphere 6.1 with IBM HTTP Server 6.1 and the packaged mod_ibm_ssl using a self-signed SSL cert. No settings of allowLegacyHelloMessages and allowUnsafeRenegotiation help, and neither does adding the self-signed SSL cert. to the JRE's cacerts keystore nor forcing an HTTP close after every request.
A couple of other things to notice: the SSL handshake error happens only when a cached SSL session is used. Moreover, it doesn't *appear* to occur when the server uses a CA-signed cert. (i.e., as opposed to a self-signed cert.). However, I haven't done an extensive enough testing to be absolutely certain of this.
In any case, digging into the code a little I see that the error happens whenever a cached session is used and the setEnabledCipherSuites() method is called on the reused socket in SoapUIEasySSLProtocolSocketFactory.java. That bit of code doesn't exist in 2.5.1. As a proof, if I use the older version class in the 3.6.1 code base and recompile, the problem disappears. So, as a crude fix/workaround I just inserted this line at the beginning of the enableSocket() method to invalidate the SSL session:
*** SoapUIEasySSLProtocolSocketFactory.java.orig 2010-12-01 14:08:10.902483086 -0700
--- SoapUIEasySSLProtocolSocketFactory.java 2010-12-01 23:56:20.190773760 -0700
***************
*** 75,80 ****
--- 75,82 ----
private Socket enableSocket( SSLSocket socket )
{
+ socket.getSession().invalidate();
+
String protocols = System.getProperty( "soapui.https.protocols" );
String ciphers = System.getProperty( "soapui.https.ciphers" );
I'm sure that's not the best fix for this problem. May be only do that as a retry in case of an SSL handshake error or only set the enabled cipher suites if it's not using a cached session. But, hopefully it's still of help to someone facing a similar problem in the meantime.
FWIW. Thanks.