Tech Tips: Getting JAVA Handshake Exception, Remote host connection, Between Servers When Staging a Test Case

Document created by MarcyNunns Employee on Aug 18, 2017Last modified by MarcyNunns Employee on Sep 18, 2017
Version 3Show Document
  • View in full screen mode

Issue

Installed in a Unix server and trying to add a second server in a secure zone.

Getting handshake JAVA handshake exception message between servers:

javax.net.ssl.SSLHandshakeException: Remote host connection during handshake

 

Environment

All Supported DevTest releases and platforms.

 

Cause

Steps to Reproduce:
1. Submitting a curl which executes a Suite from lisa-invoke.
2. Getting the below error:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Remote host connection during handshake

Diagnostic Findings:
1. You have 1-way SSL, so no keystores are needed on the client side.
2. We added this property to the SimulatorService.vmoptions file:
-Djavax.net.debug=ssl
3. Restarted the Simulator Service
4. Executed your test again.
5. This time we could see the handshake information in the simulator.log.
6. We could see the ClientHello and what version of TLS we were sending, which in this case is TLSv1.
7. We did not see a ServerHello message coming back, just a handshake failure.
8. Knew your Server is expecting a handshake with TLSv1.2, so this is why we received the error.

 

Resolution

Added this property in the local.properties file of where the Simulator is running:

https.protocols=TLSv1.2,TLSv1.1,TLSv1

Since only 1-way SSL, these properties are not needed:
#ssl.client.cert.path=
#ssl.client.cert.pass=
#ssl.client.key.pass=
#ssl.client.alias=

Restarted the Simulator Service.

The test now connects to the Server with the accepted SSL protocol.

 

Additional Information

 

This would also apply when testing against Services deployed to a VSE, add the property in the local.properties file of where the VSE is running.

 

Diagnosing TLS, SSL, and HTTPS

https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https

 

How to Analyze Java SSL Errors

https://dzone.com/articles/how-analyze-java-ssl-errors

 

KB Article ID: TEC1540368

 

Attachments

    Outcomes