Issue
DevTest is installed on a Unix server, and a second server is being added in a secure zone.
The following Java handshake exception occurs between the servers:
javax.net.ssl.SSLHandshakeException: Remote host connection during handshake
Environment
All Supported DevTest releases and platforms.
Cause
Steps to Reproduce:
1. Submit a curl request that executes a Suite from lisa-invoke.
2. The following error is returned:
{http://xml.apache.org/axis/}stackTrace:javax.net.ssl.SSLHandshakeException: Remote host connection during handshake
Diagnostic Findings:
1. You have 1-way SSL, so no keystores are needed on the client side.
2. We added this property to the SimulatorService.vmoptions file:
-Djavax.net.debug=ssl
3. Restarted the Simulator Service.
4. Executed your test again.
5. This time we could see the handshake information in the simulator.log.
6. We could see the ClientHello and what version of TLS we were sending, which in this case is TLSv1.
7. We did not see a ServerHello message coming back, just a handshake failure.
8. We knew your server expects a handshake with TLSv1.2, which is why we received the error.
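The log check in findings 5 to 7 can be scripted. The following is an added example, not DevTest or vendor code: it scans debug output for each ClientHello, records the TLS version offered, and flags attempts that failed without a ServerHello. The `*** ClientHello, <version>` line format (JDK 7/8 style) and the sample log are assumptions constructed for illustration, and the scan assumes handshakes are logged one after another.

```python
import re

# Constructed sample in the JDK 7/8 style of -Djavax.net.debug=ssl output
# (assumed format; newer JDKs log handshake messages differently).
SAMPLE_LOG = """\
*** ClientHello, TLSv1
main, WRITE: TLSv1 Handshake, length = 149
main, handling exception: javax.net.ssl.SSLHandshakeException: Remote host connection during handshake
*** ClientHello, TLSv1.2
main, WRITE: TLSv1.2 Handshake, length = 207
*** ServerHello, TLSv1.2
"""

HELLO = re.compile(r"\*\*\* (ClientHello|ServerHello), (\S+)")


def summarize_handshakes(log_text):
    """Return one dict per ClientHello: version offered, server reply, failure flag."""
    attempts = []
    for line in log_text.splitlines():
        m = HELLO.search(line)
        if m and m.group(1) == "ClientHello":
            # A new handshake attempt starts with every ClientHello.
            attempts.append({"offered": m.group(2), "server": None, "failed": False})
        elif m and attempts and attempts[-1]["server"] is None:
            # First ServerHello after the ClientHello: the version the server chose.
            attempts[-1]["server"] = m.group(2)
        elif "SSLHandshakeException" in line and attempts:
            attempts[-1]["failed"] = True
    return attempts


def unanswered(attempts):
    """Versions offered in attempts that failed before any ServerHello arrived."""
    return [a["offered"] for a in attempts if a["failed"] and a["server"] is None]


if __name__ == "__main__":
    results = summarize_handshakes(SAMPLE_LOG)
    for attempt in results:
        print(attempt)
    print("Failed with no ServerHello:", unanswered(results))
```

A failure recorded after a ServerHello is not reported by `unanswered`, because the server accepted the protocol version and the cause lies elsewhere in the handshake.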
Resolution
Added this property to the local.properties file on the machine where the Simulator is running:
https.protocols=TLSv1.2,TLSv1.1,TLSv1
Because this is only 1-way SSL, these properties are not needed:
#ssl.client.cert.path=
#ssl.client.cert.pass=
#ssl.client.key.pass=
#ssl.client.alias=
Restarted the Simulator Service.
The test now connects to the Server with the accepted SSL protocol.
Additional Information
This also applies when testing against Services deployed to a VSE: add the property to the local.properties file on the machine where the VSE is running.
Diagnosing TLS, SSL, and HTTPS
https://blogs.oracle.com/java-platform-group/diagnosing-tls,-ssl,-and-https
How to Analyze Java SSL Errors
https://dzone.com/articles/how-analyze-java-ssl-errors
KB Article ID: TEC1540368