cancel
Showing results for 
Search instead for 
Did you mean: 

[Solved] SSL Handshake exception calling a secure webservice

SOLVED
Highlighted
New Contributor

[Solved] SSL Handshake exception calling a secure webservice

Hello,

I'm trying to use Soap UI to connect to a secure SOAP web service, for which there should be a registered certificate.

 

The wsdl address is: https://129.152.40.43/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL

(it is also accessible on the same url using http instead of https, for the moment)

 

In our internal dns the server is registered with a name which match the SSL certificate CN name, so when I open the wsdl in a browser I don't get any ssl error. Eg when I open it with Chrome I get the "green lock":

https_integration.png

So, given this, I guess the SSL certificates are set correctly in the server.

 

But when I try to import the WSDL in Soap UI 5.1.3, I get the error:

Error loading [https://domain_name/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL]: java.lang.Exception: Failed to load url; https://domain_name/AIOSCInt-OSC-Account-outbound-test-root/E1AccountServicePort?WSDL, 0 

In the soapui_errors.log file there is this:

2015-06-17 16:55:23,934 ERROR [errorlog] com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
com.eviware.soapui.impl.support.definition.support.InvalidDefinitionException
at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.makeInvalidDefinitionException(WsdlLoader.java:119)
at com.eviware.soapui.impl.wsdl.support.wsdl.WsdlLoader.loadXmlObject(WsdlLoader.java:112)
at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:488)
at com.eviware.soapui.impl.wsdl.support.xsd.SchemaUtils.getDefinitionParts(SchemaUtils.java:477)
at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionCache.update(AbstractDefinitionCache.java:94)
at com.eviware.soapui.impl.support.definition.support.AbstractDefinitionContext$Loader.construct(AbstractDefinitionContext.java:209)
at com.eviware.soapui.support.swing.SwingWorkerDelegator.construct(SwingWorkerDelegator.java:46)
at com.eviware.soapui.support.swing.SwingWorker$2.run(SwingWorker.java:131)
at java.lang.Thread.run(Unknown Source)

I also tried to import the wsdl using the non-secure link (same addres but over http instead of https), and then change the http to https when launching the call, but I get this ssl exception:

2015-06-17 15:27:49,104 ERROR [WsdlSubmit] Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
2015-06-17 15:27:49,105 ERROR [errorlog] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.Alerts.getSSLException(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
	at sun.security.ssl.AppOutputStream.write(Unknown Source)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
	at org.apache.http.impl.io.AbstractSessionOutputBuffer.write(AbstractSessionOutputBuffer.java:151)
	at org.apache.http.impl.conn.LoggingSessionOutputBuffer.write(LoggingSessionOutputBuffer.java:74)
	at org.apache.http.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:114)
	at org.apache.http.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:120)
	at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:68)
	at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
	at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
	at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
	at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
	at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
	at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
	at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
	at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
	at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
	at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
	at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
	at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
	at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
	at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
	at java.util.concurrent.FutureTask.run(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
	at java.lang.Thread.run(Unknown Source)

So I guess this is a ssl configuration issue.

Can anyone help me to discover if it is a Soap UI problem, or the server ssl configuration is missing something?

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
New Contributor

Re: SSL Handshake exception calling a secure webservice

The issue has been solved.

The server was accepting only TLS 1.2, while Soap UI was using TLS 1.0.

View solution in original post

9 REPLIES 9
Highlighted
New Contributor

Re: SSL Handshake exception calling a secure webservice

The issue has been solved.

The server was accepting only TLS 1.2, while Soap UI was using TLS 1.0.

View solution in original post

Highlighted
New Contributor

Re: SSL Handshake exception calling a secure webservice

I can't find a way to tell soapUI to use TLS 1.2. So how do you actually fix the problem?

Highlighted
New Contributor

Re: SSL Handshake exception calling a secure webservice

Indeed the solution was to set the application server to accept also connections using TLS 1.0, so I passed this parameter at the application server startup:

-Dweblogic.security.SSL.minimumProtocolVersion=TLSv1.0

(so the solution was solved on the other side, not on Soap UI)

Regards,

 

Edit: in my case the application to which I was talking, was deployed on a Weblogic server on which I had the possibility to change the startup System properties.

Highlighted
Community Hero

Re: SSL Handshake exception calling a secure webservice

Of course, you can also set in the soapui to use different version, just a java system property.
Add this to java_opts of soapui.bat file
-Dsoapui.https.protocols=SSLv3,TLSv1.2

See this thread here
https://community.smartbear.com/t5/SoapUI-Open-Source/How-to-enable-TLS-1-2-in-SoapUI/td-p/96239


Regards,
Rao.
Highlighted
Occasional Visitor

Re: SSL Handshake exception calling a secure webservice

@nmrao

THANK YOU !

I've been struggling with this issue for 3 days now and was already going to surrender and then I saw you miraculous answer Smiley Happy

 

Highlighted
Community Hero

Re: SSL Handshake exception calling a secure webservice

Glad that you trace the right thread. Good to know.


Regards,
Rao.
Highlighted
Occasional Visitor

Re: [Solved] SSL Handshake exception calling a secure webservice

I was also getting a similar error:
javax.net.ssl.SSLHandShakeException:Recieved fatal alert: handshake_failure

This can be for different reasons too. For me, the issue was fixed after updating the Ciphers.java (http://www.oracle.com/technetwork/java/javase/downloads/jce8-download-2133166.html) 

Basically, I had to replace two .jar files and restart the application.


C:\Program Files\SmartBear\ReadyAPI-2.2.0\jre\lib\security
 >> local_policy.jar 
>> US_export_policy.jar

 

We had some changes to cypher and this issue could have been avoided if SmartBear can provide the latest JCE with updates to ReadyAPI. 

Highlighted
Super Contributor

Re: SSL Handshake exception calling a secure webservice

Hey, I also tried to set the things.. :-

 

This is how it looks like after the changes.. Could you please see and check what other changes is required?

 

@echo off

set SOAPUI_HOME=%~dp0
if exist "%SOAPUI_HOME%..\jre\bin" goto SET_BUNDLED_JAVA

if exist "%JAVA_HOME%" goto SET_SYSTEM_JAVA

echo JAVA_HOME is not set, unexpected results may occur.
echo Set JAVA_HOME to the directory of your local JDK to avoid this message.
goto SET_SYSTEM_JAVA

Smiley FrustratedET_BUNDLED_JAVA
set JAVA=%SOAPUI_HOME%..\jre\bin\java
goto END_SETTING_JAVA

Smiley FrustratedET_SYSTEM_JAVA
set JAVA=java

:END_SETTING_JAVA

rem init classpath
set OLDDIR=%CD%
cd /d %SOAPUI_HOME%

set CLASSPATH=%SOAPUI_HOME%soapui-5.4.0.jar;%SOAPUI_HOME%..\lib\*
"%JAVA%" -cp "%CLASSPATH%" com.eviware.soapui.tools.JfxrtLocator > %TEMP%\jfxrtpath
set /P JFXRTPATH= < %TEMP%\jfxrtpath
del %TEMP%\jfxrtpath
set CLASSPATH=%CLASSPATH%;%JFXRTPATH%

rem JVM parameters, modify as appropriate
set JAVA_OPTS=-Xms128m -Xmx1024m -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -Dsoapui.https.protocols=SSLv3,TLSv1.2 -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\" -splashSmiley FrustratedoapUI-Spashscreen.png

if "%SOAPUI_HOME%" == "" goto START
set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.ext.libraries="%SOAPUI_HOME%ext"
set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.ext.listeners="%SOAPUI_HOME%listeners"
set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.ext.actions="%SOAPUI_HOME%actions"
set JAVA_OPTS=%JAVA_OPTS% -Djava.library.path="%SOAPUI_HOME%\"
set JAVA_OPTS=%JAVA_OPTS% -Dwsi.dir="%SOAPUI_HOME%..\wsi-test-tools"
rem uncomment to disable browser component
rem set JAVA_OPTS=%JAVA_OPTS% -Dsoapui.browser.disabled="true"

Smiley FrustratedTART

rem ********* run soapui ***********

"%JAVA%" %JAVA_OPTS% com.eviware.soapui.SoapUI %*
cd /d %OLDDIR%

Highlighted
Contributor

Re: SSL Handshake exception calling a secure webservice

In my case, looks this change need to be done with both soapui-pro.bat and SoapUI-Pro-5.1.2.vmoptions file, otherwise, it will not work

 

-Dsoapui.https.protocols=SSLv3,TLSv1.2