Forum Discussion

devnull's avatar
devnull
New Contributor
10 years ago

[Solved] SSL Handshake exception calling a secure webservice

Hello,

I'm trying to use Soap UI to connect to a secure SOAP web service, for which there should be a registered certificate.

 

The wsdl address is: https://129.152.40.43/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL

(it is also accessible on the same url using http instead of https, for the moment)

 

In our internal dns the server is registered with a name which match the SSL certificate CN name, so when I open the wsdl in a browser I don't get any ssl error. Eg when I open it with Chrome I get the "green lock":

https_integration.png

So, given this, I guess the SSL certificates are set correctly in the server.

 

But when I try to import the WSDL in Soap UI 5.1.3, I get the error:

Error loading [https://domain_name/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL]: java.lang.Exception: Failed to load url; https://domain_name/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL, 0

In the soapui_errors.log file there is this:

2015-06-17 16:55:23,934 ERROR [errorlog] com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
 at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.makeInvalidDefinitionException(WsdlLoader.java:119)
 at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.loadXmlObject(WsdlLoader.java:112)
 at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:488)
 at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:477)
 at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionCache.update(AbstractDefinitionCache.java:94)
 at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext$Loader.construct(AbstractDefinitionContext.java:209)
 at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
 at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:131)
 at java.lang.Thread.run(Unknown Source)

I also tried to import the wsdl using the non-secure link (same addres but over http instead of https), and then change the http to https when launching the call, but I get this ssl exception:

2015-06-17 15:27:49,104 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2015-06-17 15:27:49,105 ERROR [errorlog] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at sun.security.ssl.AppOutputStream.write(Unknown Source)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.write(AbstractSessionOutputBuffer.java:151)
	at org.apache.http.impl.conn.LoggingSessionOutputBuffer.write(LoggingSessionOutputBuffer.java:74)
	at org.apache.http.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:114)
	at org.apache.http.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:120)
	at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:68)
	at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
	at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
	at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
	at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
	at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
	at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

So I guess this is a ssl configuration issue.

Can anyone help me to discover if it is a Soap UI problem, or the server ssl configuration is missing something?

  • devnull's avatar
    devnull
    10 years ago

    The issue has been solved.

    The server was accepting only TLS 1.2, while Soap UI was using TLS 1.0.

  • devnull's avatar
    devnull
    New Contributor
    10 years ago

    The issue has been solved.

    The server was accepting only TLS 1.2, while Soap UI was using TLS 1.0.

    • gungwald's avatar
      gungwald
      New Contributor
      9 years ago

      I can't find a way to tell soapUI to use TLS 1.2. So how do you actually fix the problem?

      • devnull's avatar
        devnull
        New Contributor
        9 years ago

        Indeed the solution was to set the application server to accept also connections using TLS 1.0, so I passed this parameter at the application server startup:

        -Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.0

        (so the solution was solved on the other side, not on Soap UI)

        Regards,

         

        Edit: in my case the application to which I was talking, was deployed on a Weblogic server on which I had the possibility to change the startup System properties.

  • kironponnath's avatar
    kironponnath
    Occasional Visitor
    7 years ago

    I was also getting a similar error:
    javax.net.ssl.SSLHandShakeException:Recieved fatal alert: handshake_failure

    This can be for different reasons too. For me, the issue was fixed after updating the Ciphers.java (http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) 

    Basically, I had to replace two .jar files and restart the application.


    C:\Program Files\SmartBear\ReadyAPI-2.2.0\jre\lib\security
     >> local_policy.jar 
    >> US_export_policy.jar

     

    We had some changes to cypher and this issue could have been avoided if SmartBear can provide the latest JCE with updates to ReadyAPI.