Contributions
Getting Handshake error while performing SoapUI testing after upgrading Apache Tomcat to the latest
HI Everyone, As a part of vulnerability remediation, we are required to upgrade to the latest Apache Tomcat package. After the upgrade in one of our test environments, we are permanently getting the below error: Fri Jul 08 10:31:04 AEST 2022:ERROR:javax.net.ssl.SSLException: Couldn't kickstart handshaking [The complete Error in SoapUI I will be providing in the bottom of this message.] I have gone through every possible fix advised by everyone over this conversation trail but none of it resolved the issue. I am providing you the current configurations in place. 1. vmoptions file contents: -XX:MinHeapFreeRatio=20 -XX:MaxHeapFreeRatio=40 -Xms128m -Xmx1000m -Dsoapui.properties=soapui.properties -Dsoapui.home=C:\Program Files\SmartBear\SoapUI-5.7.0/bin -Dsoapui.ext.libraries=C:\Program Files\SmartBear\SoapUI-5.7.0/bin/ext -Dsoapui.ext.listeners=C:\Program Files\SmartBear\SoapUI-5.7.0/bin/listeners -Dsoapui.ext.actions=C:\Program Files\SmartBear\SoapUI-5.7.0/bin/actions -Dwsi.dir=C:\Program Files\SmartBear\SoapUI-5.7.0/wsi-test-tools -Djava.library.path=C:\Program Files\SmartBear\SoapUI-5.7.0/bin -Djava.util.Arrays.useLegacyMergeSort=true -splash:SoapUI-Spashscreen.png --illegal-access=permit -Dlog4j2.formatMsgNoLookups=true 2. JAVA Tab inTomcat10.0.22w.exe: -Dcatalina.home=E:\Program Files\Apache Software Foundation\Apache-Tomcat-10.0.22\ -Dcatalina.base=E:\Program Files\Apache Software Foundation\Apache-Tomcat-10.0.22\ -Dignore.endorsed.dirs=E:\Program Files\Apache Software Foundation\Apache-Tomcat-10.0.22\endorsed -Djava.io.tmpdir=E:\Program Files\Apache Software Foundation\Apache-Tomcat-10.0.22\temp -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager -Djava.util.logging.config.file=E:\Program Files\Apache Software Foundation\Apache-Tomcat-10.0.22\conf\logging.properties -Dlog4j2.formatMsgNoLookups=true I have cross-checked few times the details and paths so there is no issues with the path/locations provided above. I would really appreciate if someone could help me with this issue. It has been 3 weeks but not solution found so far. Please find the complete Error Message from SoapUI below: Fri Jul 08 10:31:04 AEST 2022:ERROR:javax.net.ssl.SSLException: Couldn't kickstart handshaking javax.net.ssl.SSLException: Couldn't kickstart handshaking at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:127) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:451) at java.base/sun.security.ssl.SSLSocketImpl.ensureNegotiated(SSLSocketImpl.java:904) at java.base/sun.security.ssl.SSLSocketImpl$AppOutputStream.write(SSLSocketImpl.java:1274) at com.eviware.soapui.impl.wsdl.support.http.SoapUILoggingOutputStream.write(SoapUILoggingOutputStream.java:41) at org.apache.http.impl.io.SessionOutputBufferImpl.streamWrite(SessionOutputBufferImpl.java:124) at org.apache.http.impl.io.SessionOutputBufferImpl.flushBuffer(SessionOutputBufferImpl.java:136) at org.apache.http.impl.io.SessionOutputBufferImpl.write(SessionOutputBufferImpl.java:158) at org.apache.http.impl.io.ContentLengthOutputStream.write(ContentLengthOutputStream.java:113) at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:114) at org.apache.http.impl.DefaultBHttpClientConnection.sendRequestEntity(DefaultBHttpClientConnection.java:156) at org.apache.http.impl.conn.CPoolProxy.sendRequestEntity(CPoolProxy.java:160) at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:238) at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:460) at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123) at org.apache.http.impl.execchain.MainClientExec.execute(MainClientExec.java:272) at org.apache.http.impl.execchain.ProtocolExec.execute(ProtocolExec.java:185) at org.apache.http.impl.execchain.RetryExec.execute(RetryExec.java:89) at org.apache.http.impl.execchain.RedirectExec.execute(RedirectExec.java:111) at org.apache.http.impl.client.InternalHttpClient.doExecute(InternalHttpClient.java:185) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpClient.doExecute(HttpClientSupport.java:344) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:83) at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:548) at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:614) at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:302) at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:232) at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:120) at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515) at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264) at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1130) at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:630) at java.base/java.lang.Thread.run(Thread.java:831) Suppressed: java.net.SocketException: Connection reset by peer at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420) at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440) at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826) at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1045) at java.base/sun.security.ssl.SSLSocketOutputRecord.encodeAlert(SSLSocketOutputRecord.java:82) at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:400) ... 33 more Caused by: java.net.SocketException: Connection reset by peer at java.base/sun.nio.ch.NioSocketImpl.implWrite(NioSocketImpl.java:420) at java.base/sun.nio.ch.NioSocketImpl.write(NioSocketImpl.java:440) at java.base/sun.nio.ch.NioSocketImpl$2.write(NioSocketImpl.java:826) at java.base/java.net.Socket$SocketOutputStream.write(Socket.java:1045) at java.base/sun.security.ssl.SSLSocketOutputRecord.flush(SSLSocketOutputRecord.java:268) at java.base/sun.security.ssl.HandshakeOutStream.flush(HandshakeOutStream.java:89) at java.base/sun.security.ssl.ClientHello$ClientHelloKickstartProducer.produce(ClientHello.java:657) at java.base/sun.security.ssl.SSLHandshake.kickstart(SSLHandshake.java:529) at java.base/sun.security.ssl.ClientHandshakeContext.kickstart(ClientHandshakeContext.java:107) at java.base/sun.security.ssl.TransportContext.kickstart(TransportContext.java:249) at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:434) ... 31 more637Views0likes1CommentRe: Is SoapUI affected by Log4j Vulnerability? If yes, what are the actions required for permanent fix?
Thanksrichiefor your response. How and where can I get the version 2.17 of Log4j for SoapUI? Do you have a reference link that you can provide? Highly appreciate your response. Thanks Anurag Jaiswal3.1KViews0likes0CommentsIs SoapUI affected by Log4j Vulnerability? If yes, what are the actions required for permanent fix?
Hi Team, I am Anurag from CBA. We are performing vulnerability remediation for all the software we are using and we are reaching out to the corresponding vendors to understand what sort of actions we need to take in order to remediate the Log4j vulnerability from each and every service which are using Log4j. We come across that SoapUI tool is also one of those software. Could you please provide us detailed information of the activities we need to take? Please find the software details we have in our servers: SoapUI Version - 5.2.1 Build date:20151002-1138 Appreciate your response. Thanks Anurag Jaiswal Email: Anurag.Jaiswal@cba.com.au3.6KViews0likes10Comments