Service Virtualization

Expand all | Collapse all

SSLv3 vs TLSv1.2

sdetweil1.1

sdetweil1.1Nov 11, 2015 08:02 AM

  • 1.  SSLv3 vs TLSv1.2

    Posted Nov 10, 2015 09:49 AM

    We have a problem. many of the services we want to connect to  have already moved to TLS from SSLv3.

     

    when using the recorder, our app sends SSLv3 first, and the recorder gets the message and tries to send it on, but fails, as the endpoint is TLS.

    if our app uses TLS, the recorder doesn't indicate any message request, and the app gets a failure back.

     

    we don't see any way to configure (by connnection) which SSL protocol to use.  this is DT 8.5

     

    help...



  • 2.  Re: SSLv3 vs TLSv1.2

    Posted Nov 11, 2015 08:02 AM

    nobody has seen this problem?



  • 3.  Re: SSLv3 vs TLSv1.2
    Best Answer

    Broadcom Employee
    Posted Nov 11, 2015 10:31 AM

    In the workstation machine where the recorder is ,  can you add the   below property  in local.properties

     

    https.protocols=SSLv3, TLSv1.2

     

    Restart the workstation and try.



  • 4.  Re: SSLv3 vs TLSv1.2

    Posted Nov 11, 2015 04:00 PM

    Thanks Shiney.. that fixed our problem..

     

    hope this is the default in V9..



  • 5.  Re: SSLv3 vs TLSv1.2

    Posted Apr 08, 2016 02:53 PM

    Hi Shiney,

     

    I am facing the same issue with LISA 7.5.1. My company disabled the TSL1.0 and moved to higher version TLS like v1.1 and v1.2. Hence I updated the local.properties file as follow.

     

    lisa.https.protocols=TLSv1.2,TLSv1.1

     

    But still not working. Could you please help me?

     

    Thanks,

    Nikhil



  • 6.  Re: SSLv3 vs TLSv1.2

    Broadcom Employee
    Posted Apr 08, 2016 02:59 PM

    Nikhil,  what errors are you seeing in  the logs?  Can you also check the version of Java you are running

     

    JRE 6 will allow TLSv1 and SSLv3

     

    JRE 7/8 will allow TLSv1.2, TLSv1.1, TLSv1, SSLv3.



  • 7.  Re: SSLv3 vs TLSv1.2

    Posted Apr 20, 2016 12:45 PM

    Hi Shiney,

     

    I am getting below exception while running the services.

     

    I am having JRE7 installed on my machine.

     

    =========================================================================== | HTTP ============================================================================ | Message: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated ---------------------------------------------------------------------------- | Trapped Exception: peer not authenticated | Trapped Message: javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated ---------------------------------------------------------------------------- STACK TRACE javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated at sun.security.ssl.SSLSessionImpl.getPeerCertificates(Unknown Source) at org.apache.http.conn.ssl.AbstractVerifier.verify(AbstractVerifier.java:128) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:572) at ............................

     

    Please note: I found similar issue with SoapUI. It is working when i updated the soapUI config file with similar entry. I could not resolve the issue with LISA yet.

     

    Thanks,

    Nikhil



  • 8.  Re: SSLv3 vs TLSv1.2

    Broadcom Employee
    Posted Apr 20, 2016 12:54 PM

    Could you please turn on SSL debug and send us  the entire stack trace.

     

    -Djavax.net debug=ssl

    What type of test are you running?  how is the environment set up?  it would be better to open a ticket with CA Support  to debug this further.

     

    Thanks

     

    Shiney.



  • 9.  Re: SSLv3 vs TLSv1.2

    Posted Dec 21, 2017 11:49 AM

    Shiney,

     

    For our virtualization we had same issue we are unable to connect one of our Live system from VSE Server. After I added the property "https.protocols=SSLv3, TLSv1.2" in VSE server local.properteies it worked fine. However after the updated we are seeing other services getting error message "ERROR com.itko.lisa.http.SSLSocketFactoryHelper - Unable to set default SSL Protocols to [SSLv3, TLSv1.2] typically because of an invalid protocol
    java.lang.IllegalArgumentException: TLSv1.2". Please let us know for only one Service how we can add this property instead of local.properties.

     

    Regards,

    Dinesh.C



  • 10.  Re: SSLv3 vs TLSv1.2

    Broadcom Employee
    Posted Dec 21, 2017 12:01 PM

    What version of Devtest are you facing this issue?

     

    As mentioned by abrsh01 above - 

    Could you please turn on SSL debug and send us  the entire stack trace.

     

    -Djavax.net debug=ssl

    What type of test are you running?  how is the environment set up?  it would be better to open a ticket with CA Support  to debug this further.



  • 11.  Re: SSLv3 vs TLSv1.2

    Posted Dec 21, 2017 12:04 PM

    Hi,

     

    We are using DevTest 9.0.0.297.

     

    Regards,

    Dinesh.C



  • 12.  Re: SSLv3 vs TLSv1.2

    Broadcom Employee
    Posted Dec 28, 2017 02:15 PM

    Can you try setting https.protocols=SSLv3,TLSv1.2 

    and restarting the VSE process.

     

    Note there is no space between , and TLSv1.2.

     

    If the above doesn't help - then please turn on SSL debug as suggested by abrsh01 above and attach the stack trace to this thread.



  • 13.  Re: SSLv3 vs TLSv1.2

    Posted Dec 28, 2017 04:13 PM

    Thanks for update, Removing Space worked fine. 



  • 14.  Re: SSLv3 vs TLSv1.2

    Posted Jun 28, 2018 05:08 PM

    Hello Prem_Bairoliya,

     

    I had added https.protocols=SSLv3,TLSv1.2 in _local.properties but still getting the below error 

     

    ===========================================================================
    | javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    ============================================================================
    | Step: AHPretrieveReservation
    ----------------------------------------------------------------------------
    | Message: Received fatal alert: handshake_failure
    ----------------------------------------------------------------------------
    | Trapped Exception: Received fatal alert: handshake_failure
    | Trapped Message: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1074)
    at com.itko.lisa.test.CommTrans.send(CommTrans.java:843)
    at com.itko.lisa.test.CommTrans.sendGET(CommTrans.java:767)
    at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:221)
    at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:171)
    at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:380)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:984)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1297)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1198)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183)
    at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1124)
    at com.itko.lisa.coordinator.Instance.run(Instance.java:208)
    ============================================================================



  • 15.  Re: SSLv3 vs TLSv1.2

    Broadcom Employee
    Posted Jun 29, 2018 09:21 AM

    Hi,

     

    "_local.properties" is merely a template.  DevTest reads a file called "local.properties" (without a leading underscore)

     

    Remove the leading underscore and DevTest will pickup the settings.

     

    --Mike



  • 16.  Re: SSLv3 vs TLSv1.2

    Posted Jun 29, 2018 02:55 PM

    Thanks this worked