Service Virtualization


SSL Handshake Error on REST step

  • 1.  SSL Handshake Error on REST step

    Posted Jul 25, 2018 06:38 AM

    I currently have a virtual service that is being used as a proxy between 2 endpoints. When it's deployed it is using HTTP.

     

    I had this working on an older DevTest console, v8.x I think (not sure). We have recently updated to use version 9.5.1 (I know this isn't the most recent version but is outside of my control).

     

    Depending on certain arguments in the incoming request, it either goes to a Virtual HTTP/S Live Invocation step (works fine) or a REST step (this is where I'm having an issue).

     

    On the REST step, it's going and calling an internal service over HTTPS. This was working fine on our 8.x version, but on 9.5.1 I'm getting the following SSL handshake error (see below).

     

    We've tried the solutions suggested here (adding -Dhttps.protocols=TLSv1.1TLSv1.2 to vmoptions) and here (adding https.protocols=SSLv3, TLSv1.2 to the local.properties file) but these don't appear to have made any difference.

     

    Is there anything else anybody can suggest?

     

    Thanks in advance

    ============================================================================
    | javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ============================================================================
    | Step: I&A
    ----------------------------------------------------------------------------
    | Message: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    | Trapped Exception: Remote host closed connection during handshake
    | Trapped Message: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    ----------------------------------------------------------------------------
    STACK TRACE
    javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535)
    at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403)
    at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177)
    at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304)
    at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446)
    at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863)
    at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72)
    at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1026)
    at com.itko.lisa.test.CommTrans.send(CommTrans.java:815)
    at com.itko.lisa.test.CommTrans.sendPOST(CommTrans.java:793)
    at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:214)
    at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:168)
    at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:362)
    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:981)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1288)
    at com.itko.lisa.test.TestCase.execute(TestCase.java:1203)
    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1188)
    at com.itko.lisa.test.TestCase.executeTest(TestCase.java:1129)
    at com.itko.lisa.coordinator.Instance.run(Instance.java:204)
    Caused by: java.io.EOFException: SSL peer shut down incorrectly
    at sun.security.ssl.InputRecord.read(Unknown Source)
    ... 24 more
    ============================================================================



  • 2.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 07:48 AM

    Hi cmjchrisjones ,

     

    Did you add this property (https.protocols=TLSv1.1TLSv1.2) in the VSE server local.properties file?

     

    Thanks,

    Balamurugan.



  • 3.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 08:49 AM

    Yes, I tried that, as that was one of the suggestions I had tried after reading through the forum.



  • 4.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 08:41 AM

    Hi,

     

    Try adding below.

     

    Add below in CA/DevTest/bin/Workstation.vmoptions file

    -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

     

    --

    Kailash



  • 5.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 08:49 AM

    Yes, I tried that, as that was one of the suggestions I had tried after reading through the forum.



  • 6.  Re: SSL Handshake Error on REST step

    Broadcom Employee
    Posted Jul 25, 2018 09:21 AM

    Chris,

     

    Please add this entry in your Workstation.vmoptions file and restart the Workstation:

     

    -Djavax.net.debug=ssl

     

    Re-run your test.

     

    This will put more information in the log file to review as to why the ssl handshake is not occurring.

     

    Post the workstation here if you can.

     

    ~Marcy



  • 7.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 10:02 AM

    Just to add to Marcy's response,

     

    if you are running the VSM in the ITR then add the option -Djavax.net.debug=ssl in the Workstation.vmoptions file.

    If you are deploying the VSM to the VSE, then add the -Djavax.net.debug=ssl in the VirtualServiceEnvironmentService.vmoptions.

     

    Don't forget to restart the component after modifying the vmoptions file.

     

    Hope it helps.

    Heloisa

     



  • 8.  Re: SSL Handshake Error on REST step

    Posted Jul 25, 2018 10:03 AM

    Just to add, this works fine on my local machine using ITR, just not when I deploy it onto a centralised server.



  • 9.  Re: SSL Handshake Error on REST step

    Posted Jul 27, 2018 06:08 AM

    Update:

     

    One of my colleagues has recently had his DevTest workstation upgraded from version 8.1.0 to 9.5.1.6; he is now showing the same error locally using the ITR or when hitting the execute button on the REST step.

     

    We've applied the suggestion above to his workstation and the following was found in the Workstation log (C:\Users\username\lisatemp_9.5.1). He is also on Windows 10, whereas I am on Windows 7.

     

    I also noticed that the bundled Java version for him was 1.8.0_60 (When running java.exe -version under c:\program files\CA\DevTest\jre\bin), for me on DevTest 8.1 I am on 1.7.0_80 (I also tried updating the JRE as mentioned here but that screwed up my install and I had to revert the changes).

     

    Here is the output from the log:

    ...Removed for brevity but there was a lot of ECDHClientKeyExchange, and Secrets with Binary content...

     

    2018-07-27 09:23:27,230Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ... no IV derived for this protocol
    2018-07-27 09:23:27,230Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     -
    2018-07-27 09:23:27,235Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - *** CertificateVerify
    2018-07-27 09:23:27,237Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - Signature Algorithm SHA512withRSA
    2018-07-27 09:23:27,238Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, WRITE: TLSv1.2 Handshake, length = 136
    2018-07-27 09:23:27,238Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, WRITE: TLSv1.2 Change Cipher Spec, length = 1
    2018-07-27 09:23:27,240Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - *** Finished
    2018-07-27 09:23:27,240Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - verify_data:  { 55, 66, 39, 177, 246, 217, 115, 236, 123, 136, 222, 60 }
    2018-07-27 09:23:27,241Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ***
    2018-07-27 09:23:27,241Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, WRITE: TLSv1.2 Handshake, length = 96
    2018-07-27 09:23:27,241Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, received EOFException: error
    2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
    2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - %% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
    2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
    2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, WRITE: TLSv1.2 Alert, length = 80
    2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, called closeSocket()
    2018-07-27 09:23:27,243Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, called close()
    2018-07-27 09:23:27,243Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, called closeInternal(true)

    2018-07-27 09:23:29,436Z (10:23) [ProcDlgThreadCallbk@72c5b57d] WARN  com.itko.lisa.test.LisaException - LisaException detail Script throw an exception: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9 exception is javax.script.ScriptException: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9

    2018-07-27 09:23:29,437Z (10:23) [ProcDlgThreadCallbk@72c5b57d] INFO  com.itko.lisa.dynexec.DynExecEx - DynExecEx exception created of

     

    ============================================================================

    | Exception:

    ============================================================================

    | Message:     Script throw an exception: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9

    ----------------------------------------------------------------------------

    | Trapped Exception: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9

    | Trapped Message:   javax.script.ScriptException: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9

    ----------------------------------------------------------------------------

    STACK TRACE

    javax.script.ScriptException: bsh.TargetError: Sourced file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : Typed variable declaration : at Line: 9 : in file: inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' : existingHeaders .get ( 0 )

     

    Target exception: java.lang.NullPointerException: Null Pointer in Method Invocation

    in inline evaluation of: ``import com.itko.lisa.vse.stateful.model.TransientResponse;  import com.itko.lisa . . . '' at line number 9

                    at bsh.BshScriptEngine.evalSource(BshScriptEngine.java:97)

                    at bsh.BshScriptEngine.eval(BshScriptEngine.java:61)

                    at javax.script.AbstractScriptEngine.eval(Unknown Source)

                    at com.itko.lisa.test.ScriptExecHandler.executeScript(ScriptExecHandler.java:674)

                    at com.itko.lisa.test.ScriptExecHandler.executeScript(ScriptExecHandler.java:427)

                    at com.itko.lisa.test.UserScriptNode._execute(UserScriptNode.java:210)

                    at com.itko.lisa.test.UserScriptNode.execute(UserScriptNode.java:175)

                    at com.itko.lisa.test.TestNode.executeNode(TestNode.java:981)

                    at com.itko.lisa.test.TestCase.execute(TestCase.java:1288)

                    at com.itko.lisa.test.TestCase.execute(TestCase.java:1203)

                    at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1188)

                    at com.itko.lisa.editor.WalkThruPanel.prepAndExecNode(WalkThruPanel.java:1058)

                    at com.itko.lisa.editor.WalkThruPanel.access$900(WalkThruPanel.java:71)

                    at com.itko.lisa.editor.WalkThruPanel$10.doCallback(WalkThruPanel.java:965)

                    at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:194)

                    at java.lang.Thread.run(Unknown Source)

    Caused by: java.lang.NullPointerException: Null Pointer in Method Invocation

                    at bsh.Name.invokeMethod(Name.java:844)

                    at bsh.BSHMethodInvocation.eval(BSHMethodInvocation.java:75)

                    at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:102)

                    at bsh.BSHPrimaryExpression.eval(BSHPrimaryExpression.java:47)

                    at bsh.BSHVariableDeclarator.eval(BSHVariableDeclarator.java:86)

                    at bsh.BSHTypedVariableDeclaration.eval(BSHTypedVariableDeclaration.java:84)

                    at bsh.Interpreter.eval(Interpreter.java:664)

                    at bsh.Interpreter.eval(Interpreter.java:758)

                    at bsh.Interpreter.eval(Interpreter.java:747)

                    at bsh.BshScriptEngine.evalSource(BshScriptEngine.java:89)

                    ... 15 more
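
A triage sketch for the -Djavax.net.debug=ssl output in the post above, added here as an example and not code from the thread or from DevTest: it reads the JSSE debug lines in order and reports how far the handshake got before the peer closed the connection. The function names are illustrative; the sample lines are excerpted from the post.

```python
import re

# Excerpt of the -Djavax.net.debug=ssl output quoted in the post above.
SAMPLE_LOG = """\
2018-07-27 09:23:27,235Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - *** CertificateVerify
2018-07-27 09:23:27,237Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - Signature Algorithm SHA512withRSA
2018-07-27 09:23:27,238Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, WRITE: TLSv1.2 Change Cipher Spec, length = 1
2018-07-27 09:23:27,240Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - *** Finished
2018-07-27 09:23:27,241Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, received EOFException: error
2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - ProcDlgThreadCallbk@3b4383a9, handling exception: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
2018-07-27 09:23:27,242Z (10:23) [ProcDlgThreadCallbk@3b4383a9] INFO  System.out                     - %% Invalidated:  [Session-1, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
"""

# Logger prefix: date, time, (hh:mm), [thread], level, logger name, dash.
PREFIX = re.compile(r"^\S+ \S+ \(\d\d:\d\d\) \[[^\]]+\] \w+\s+\S+\s+- ?")
PATTERNS = {
    "message": re.compile(r"^\*\*\* (\w+)"),
    "sig_alg": re.compile(r"^Signature Algorithm (\S+)"),
    "record": re.compile(r"(?:WRITE|READ): (\S+) [\w ]+, length = \d+"),
    "suite": re.compile(r"%% Invalidated:\s+\[[^,]+, (\w+)\]"),
    "exception": re.compile(r"handling exception: (.+)$"),
}

def summarize(log_text):
    """Collect handshake facts from JSSE debug lines, in log order."""
    s = {"messages": [], "sent_before_eof": None, "sig_alg": None,
         "record_version": None, "suite": None, "exception": None}
    for raw in log_text.splitlines():
        line = PREFIX.sub("", raw.strip())
        if "received EOFException" in line and s["sent_before_eof"] is None:
            # Snapshot what the client had already sent when the peer hung up.
            s["sent_before_eof"] = list(s["messages"])
            continue
        for key, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                if key == "message":
                    s["messages"].append(m.group(1))
                elif key == "record":
                    s["record_version"] = m.group(1)
                else:
                    s[key] = m.group(1)
                break
    return s

def diagnose(s):
    """Answer the three questions that narrow down where the handshake died."""
    sent = s["sent_before_eof"] or []
    return {
        # Finished is only sent after the server's hello flight was accepted,
        # so protocol version and cipher suite were already agreed.
        "negotiation_agreed": "Finished" in s["messages"],
        # CertificateVerify is sent only when the client presented a certificate.
        "client_cert_presented": "CertificateVerify" in s["messages"],
        # The peer dropped the connection after the client's last flight.
        "peer_closed_after_finished": "Finished" in sent,
    }

if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    print(summary["suite"], summary["sig_alg"], diagnose(summary))
```

On the posted lines all three checks come back true, which places the failure after protocol and cipher-suite agreement, at or after the client's certificate flight.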



  • 10.  Re: SSL Handshake Error on REST step

    Broadcom Employee
    Posted Jul 27, 2018 09:26 AM

    Have you made sure that this property is also on the Server where your Simulators or VSEs are running in the local.properties file?

     

    https.protocols=TLSv1,TLSv1.1,TLSv1.2



  • 11.  Re: SSL Handshake Error on REST step

    Posted Jul 27, 2018 10:51 AM

    Hi MarcyNunns, I have had my colleague try this (who is on 9.5.1), he updated his local properties file, restarted Workstation, however still seeing the same error.

     

    As mentioned before, it seems moving the service from 8.1 to 9.5 has broken something as the actual VSM hasn't changed whatsoever.



  • 12.  Re: SSL Handshake Error on REST step

    Broadcom Employee
    Posted Jul 27, 2018 12:40 PM

    And the Server has the same property?



  • 13.  Re: SSL Handshake Error on REST step

    Broadcom Employee
    Posted Jul 27, 2018 04:45 PM

    1. Do you have access to openssl? If so, please provide the output of following command

     

    openssl s_client -host <yourRestServiceHost> -port <yourRestServiceSecurePort>

    where yourRestServiceHost & yourRestServiceSecurePort is the endpoint the Rest step connects to.

     

    e.g. for google.com the above would be

    openssl s_client -host www.google.com -port 443

     

    (The above commands are valid for a Linux/Unix environment - for Windows you will need to install the windows version of openssl)

     

    2. Can you try to comment out the following line from java.security file under DEVTESTHOME/jre/lib/security folder & re-run the model in ITR (Assuming the default JRE is being used)?

     

    i.e. replace 

    jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

     

    with 

    #jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768



  • 14.  Re: SSL Handshake Error on REST step

    Posted Aug 17, 2018 10:39 AM

    Hi Prem_Bairoliya, Firstly apologies for the delay in responding, I was on leave for 2 weeks and I also now have the 9.5.1 version of DevTest installed.

     

    I don't want to paste the whole output of openssl here in case it contains any potential company proprietary information, but I've scanned the output, and I can see it outputs a certificate public key, lots of C/O/CN properties, and the end I've copied below, but I've obfuscated a few bits of data.

     

    I've also tried your option 2 but that had no effect.

     

    SSL handshake has read 16390 bytes and written 500 bytes
    ---
    New, TLSv1/SSLv3, Cipher is *****-***-******-******
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
    Protocol : TLSv1.2
    Cipher : *****-***-******-******
    Session-ID: *****************************************
    Session-ID-ctx:
    Master-Key: *********************************************
    Key-Arg : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1534515418
    Timeout : 300 (sec)
    Verify return code: 18 (self signed certificate)
    ---



  • 15.  Re: SSL Handshake Error on REST step

    Posted Jul 27, 2018 03:14 PM

    Hello Chris,

     

    Could you open a support ticket for this?

    It would be good to check how your REST step is set and take a look at the complete log files to verify what is happening.

     

    Thank you,

    Heloisa



  • 16.  Re: SSL Handshake Error on REST step

    Posted Aug 20, 2018 06:35 AM

    Hi, I have tried to open a support ticket but after signing into CA Support Online - CA Technologies and clicking on my cases it tells me I don't have access!