Forum Discussion

jurkech's avatar
jurkech
New Contributor
9 years ago

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Hi,

 

I'm trying to execute some tests against RESTful API running on an https endopint. I'm using SoapUI 5.2.1

I'm always getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure no matter what I try.

So far what I did:

- downloaded endpoint certificate, created own keystore with it and set it to be used in preferences

- imported the certificate into the central java keystore (cacerts in java\lib\security)

- set SoapUI to use java 1.8 instead of stock java bundled, imported the certificate into its keystore as well

- enabled extended java debugging with javax.net.debug=all and gave logs to developers I have here, and they said it looks like the endopint expects TLSv1 but SoapUI is forcing TLSv1.2

- I added soapui.https.protocols=SSLv3,TLSv1 but to my uneducated eye it looks like communication starts with TLSv1 and then switches to TLSv1.2

I'm including two logs here - one before using the switch for TLSv1 and one after that.

I've been at this for 2 days now, any help is greatly appreciated. Thanks.

 

Roman

  • gungwald's avatar
    gungwald
    New Contributor
    9 years ago

    I'm getting the same error. I'm connecting to an AWS REST service through an API gateway, IBM DataPower. This is what I have tried, all of which resulted in the same error (except #4):

    1. TLSv1.2, TLSv1.1, and TLSv1
    2. Unlimited JCE policy files.
    3. Java 1.8.0_92 (latest), 1.8.0_82, 1.7.0_80 (latest 1.7), 1.7.0_55 (bundled version)
    4. Specifying cypher suites. I have no clue which ones to specify because the log gives no info on that, so I tried some at random. Some of them fail with an unsupported error. Some give the same handshake failure. This appear to not be significant.
    5. Connecting to the same API gateway with Postman and HttpRequester (Firefox plugin). Both of those work fine with the gateway, but soapUI does not.
    6. Looking for errors in the gateway logs...nothing there.

    Since Postman and HttpRequester both work fine, this must be a defect with soapUI.

     

    I've attached the log with the following options set:

     

    -Dsoapui.https.protocols=SSLv3,TLSv1.2,TLSv1.1,TLSv1 -Djavax.net.debug=all

  • jurkech's avatar
    jurkech
    New Contributor
    9 years ago

    I have further update.

    We have several environments and it turns out that while one of them exhibits the handshake problem, anther one doesn't.

    The main difference between the two environments I tested was that the one where we see the problem is only accessible through VPN. However, I'm not sure if that is the real reason, there might be something else in play, maybe different setup of servers of those environments which I will investigate next week.

    Also, I tried to issue simple requests for both environments directly from java, not through SoapUI and the result was the same.

    Since both environments work fine when accessed through any browser, it looks like this is java SSL issue and not related to SoapUI at all.

    I also found suggestions to use java 1.8.0_45 because in later versions certain older ciphers were disabled. That didn't help either.

    • roman-zarzecki's avatar
      roman-zarzecki
      New Member
      8 years ago

      Have you changed the java settings in soupui.bat?

      ...

      set JAVA=%SOAPUI_HOME%..\jre\bin\java

      ...