Service Virtualization

  • 1.  Error while calling SSL enabled service from DevTest REST step

    Posted Jun 21, 2016 05:00 PM

    Hi All,

     

    I am trying to call an external SSL-enabled service URL from a DevTest test REST step but am getting the issue below. Can anyone tell me the steps to enable the handshake from Workstation?

     

    Thanks.

     

    ============================================================================

    | HTTP

    ============================================================================

    | Message:     javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    ----------------------------------------------------------------------------

    | Trapped Exception: Remote host closed connection during handshake

    | Trapped Message:   javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    ----------------------------------------------------------------------------

    STACK TRACE

    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

      at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)

      at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

      at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)

      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)

      at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)

      at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)

      at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)

      at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)

      at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)

      at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)

      at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)

      at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1026)

      at com.itko.lisa.test.CommTrans.send(CommTrans.java:815)

      at com.itko.lisa.test.CommTrans.sendGET(CommTrans.java:768)

      at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:209)

      at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:168)

      at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:362)

      at com.itko.lisa.ws.rest.RESTNodeEditor$4.doCallback(RESTNodeEditor.java:895)

      at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:194)

      at java.lang.Thread.run(Unknown Source)



  • 2.  Re: Error while calling SSL enabled service from DevTest REST step

    Posted Jun 21, 2016 09:57 PM

    Here is HTTP/SSL Debug -

     

    [  16] *** ClientHello, TLSv1

    [  16] RandomCookie:  GMT: 1466494680 bytes = { 137, 99, 146, 230, 67, 100, 201, 112, 241, 89, 189, 131, 71, 159, 47, 173, 93, 66, 24, 21, 130, 1, 71, 130, 191, 84, 64, 130 }

    [  16] Session ID:  {}

    [  16] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]

    [  16] Compression Methods:  { 0 }

    [  16] Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}

    [  16] Extension ec_point_formats, formats: [uncompressed]

    [  16] ***

    [  16] ProcDlgThreadCallbk@7c63e4cd, WRITE: TLSv1 Handshake, length = 205

    [  16] ProcDlgThreadCallbk@7c63e4cd, WRITE: SSLv2 client hello message, length = 209

    [  16] ProcDlgThreadCallbk@7c63e4cd, received EOFException: error

    [  16] ProcDlgThreadCallbk@7c63e4cd, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    [  16] ProcDlgThreadCallbk@7c63e4cd, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure

    [  16] ProcDlgThreadCallbk@7c63e4cd, WRITE: TLSv1.2 Alert, length = 2

    [  16] ProcDlgThreadCallbk@7c63e4cd, called closeSocket()

    [  16] ProcDlgThreadCallbk@7c63e4cd, called close()

    [  16] ProcDlgThreadCallbk@7c63e4cd, called closeInternal(true)

    [  16] [SSL Handshake Summary] Thread [ProcDlgThreadCallbk@7c63e4cd]

    [  16] [SSL Handshake Summary] Can not be sure if Client or Server

    [  16] [SSL Handshake Summary]  *†‡ indicates linked optional steps

    [  16] [SSL Handshake Summary]

    [  16] [SSL Handshake Summary]  1  RUN                             Client Hello -->

    [  16] [SSL Handshake Summary]  2  UNKNOWN                                      <-- Server Hello                      

    [  16] [SSL Handshake Summary]  3* UNKNOWN                                      <-- Server Certificate (Public Key)   

    [  16] [SSL Handshake Summary]  4† UNKNOWN                                      <-- Request Client Certificate        

    [  16] [SSL Handshake Summary]  5* UNKNOWN  Verify and Trust Server Certificate v 

    [  16] [SSL Handshake Summary]  6‡ UNKNOWN                                      <-- Server Key Exchange               

    [  16] [SSL Handshake Summary]  7  UNKNOWN                                      <-- Server Hello Done                 

    [  16] [SSL Handshake Summary]  8† UNKNOWN      Client Certificate (Public Key) -->

    [  16] [SSL Handshake Summary]  9† UNKNOWN                                        v Verify and Trust Client Certificate

    [  16] [SSL Handshake Summary] 10  UNKNOWN                  Client Key Exchange -->

    [  16] [SSL Handshake Summary] 11† UNKNOWN      Certificate Verify Confirmation -->

    [  16] [SSL Handshake Summary] 12  UNKNOWN            Client Change Cipher Spec -->

    [  16] [SSL Handshake Summary] 13  UNKNOWN                      Client Finished -->

    [  16] [SSL Handshake Summary] 14  UNKNOWN                                      <-- Server Change Cipher Spec         

    [  16] [SSL Handshake Summary] 15  UNKNOWN                                      <-- Server Finished                   

    [  16] [SSL Handshake Summary]

    [  16] [SSL Handshake Summary] SEND TLSv1.2 ALERT:  fatal, description = handshake_failure

    [  16] [SSL Handshake Summary] javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

    [  16] [SSL Handshake Summary] Ensure that the server is secure (connecting to insecure server over SSL) and that you are connecting to the correct port



  • 3.  Re: Error while calling SSL enabled service from DevTest REST step

    Broadcom Employee
    Posted Jun 21, 2016 10:08 PM

    Do you have access to openssl? If so, please provide the output of the following command:

     

    openssl s_client -host <yourExternalRestServiceHost> -port <yourExternalRestServiceSecurePort>

     

    e.g. for google.com the above would be

    openssl s_client -host www.google.com -port 443

     

    (The above commands are valid for a Linux/Unix environment - for Windows you will need to install the Windows version of openssl.)



  • 4.  Re: Error while calling SSL enabled service from DevTest REST step

    Posted Jun 21, 2016 10:14 PM

    It's an internal server -

     

    CONNECTED(00000003)

    depth=1 C = US, O = ************

    verify error:num=19:self signed certificate in certificate chain

    ---

    Certificate chain

    0 s:/C=us/O=************/OU=servers/CN=************

       i:/C=US/O=************

    1 s:/C=US/O=************

       i:/C=US/O=************

    ---

    Server certificate

    -----BEGIN CERTIFICATE-----

    ************************************

    -----END CERTIFICATE-----

    subject=/C=us/O=************/OU=servers/CN=************

    issuer=/C=US/O=************

    ---

    No client certificate CA names sent

    Peer signing digest: SHA512

    Server Temp Key: ECDH, P-256, 256 bits

    ---

    SSL handshake has read 2362 bytes and written 490 bytes

    ---

    New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384

    Server public key is 2048 bit

    Secure Renegotiation IS supported

    Compression: NONE

    Expansion: NONE

    No ALPN negotiated

    SSL-Session:

        Protocol  : TLSv1.2

        Cipher    : ECDHE-RSA-AES256-SHA384

        Session-ID: ************

        Session-ID-ctx:

        Master-Key: ************

        Key-Arg   : None

        PSK identity: None

        PSK identity hint: None

        SRP username: None

        Start Time: 1466561392

        Timeout   : 300 (sec)

        Verify return code: 19 (self signed certificate in certificate chain)

    ---



  • 5.  Re: Error while calling SSL enabled service from DevTest REST step
    Best Answer

    Broadcom Employee
    Posted Jun 21, 2016 10:25 PM

    On the workstation machine, do you have the property mentioned below defined in local.properties?

    https.protocols=SSLv3, TLSv1.2

     

    If not, please add it, restart the workstation, and try again.
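
An added example, not part of the original posts and not DevTest code: it compares the version in the Java ClientHello from post 2 with the version openssl negotiated in post 4, then checks whether an https.protocols value lets the client offer that version and which enabled protocols are legacy (SSLv3 is prohibited by RFC 7568, TLS 1.0/1.1 deprecated by RFC 8996). The function names and the returned field names are assumptions of this example.

```python
import re

# Protocol names as JSSE and openssl print them, oldest first.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
# SSLv3 is prohibited by RFC 7568; TLS 1.0/1.1 are deprecated by RFC 8996.
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}

# Sample input: lines copied from the javax.net.debug trace in post 2.
JAVA_DEBUG = """\
[  16] *** ClientHello, TLSv1
[  16] ProcDlgThreadCallbk@7c63e4cd, WRITE: TLSv1 Handshake, length = 205
[  16] ProcDlgThreadCallbk@7c63e4cd, received EOFException: error
"""
# Sample input: lines copied from the openssl s_client output in post 4.
S_CLIENT = """\
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA384
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-SHA384
"""

def offered_version(debug_log):
    """Version the Java client put in its ClientHello (its highest offer)."""
    m = re.search(r"\*\*\* ClientHello, (\S+)", debug_log)
    return m.group(1) if m else None

def negotiated_version(s_client_out):
    """Version the server agreed to when openssl connected."""
    m = re.search(r"^\s*Protocol\s*:\s*(\S+)", s_client_out, re.M)
    return m.group(1) if m else None

def diagnose(debug_log, s_client_out, https_protocols):
    offered = offered_version(debug_log)
    negotiated = negotiated_version(s_client_out)
    enabled = [p.strip() for p in https_protocols.split(",") if p.strip()]
    known = offered in ORDER and negotiated in ORDER
    return {
        "offered": offered,
        "negotiated": negotiated,
        # Client topped out below the version the server chose with openssl.
        "client_too_old": known and ORDER.index(offered) < ORDER.index(negotiated),
        # Does the property let the client offer the server's version?
        "property_covers_server": negotiated in enabled,
        # Enabled protocols to drop once no endpoint still needs them.
        "legacy_enabled": [p for p in enabled if p in LEGACY],
    }

if __name__ == "__main__":
    print(diagnose(JAVA_DEBUG, S_CLIENT, "SSLv3, TLSv1.2"))
```

For the property value from post 5, the result reports that TLSv1.2 is covered and lists SSLv3 as the only legacy protocol still enabled.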



  • 6.  Re: Error while calling SSL enabled service from DevTest REST step

    Posted Jun 21, 2016 10:29 PM

    Thanks Prem. It's working now.



  • 7.  Re: Error while calling SSL enabled service from DevTest REST step

    Posted Oct 19, 2016 11:31 AM

    To stage it to the registry, do we need to make changes in local.properties of the Registry server? If yes, will it impact other users using the same registry?