Service Virtualization

I have a REST step in my Virtual serivce, i am getting ssl hand shake error when executing in ITR so i have added https.protocols=TLSv1.2,TLSv1.1,TLSv1 in the vm options of the worksation then it is resolved.

But when i have added the https.protocols=TLSv1.2,TLSv1.1,TLSv1 in the local.propersties. I am getting error again

No Title
| HTTP ============================================================================ | Step: Send_841_DeliveryPlanned ---------------------------------------------------------------------------- | Message: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure ---------------------------------------------------------------------------- | Trapped Exception: Received fatal alert: handshake_failure | Trapped Message: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure ---------------------------------------------------------------------------- STACK TRACE javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:535) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:403) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:177) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:304) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:611) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:446) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:863) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:72) at com.itko.lisa.test.CommTrans.doSend(CommTrans.java:1074) at com.itko.lisa.test.CommTrans.send(CommTrans.java:843) at com.itko.lisa.test.CommTrans.sendPOST(CommTrans.java:803) at com.itko.lisa.ws.rest.RESTNode.doSend(RESTNode.java:226) at com.itko.lisa.ws.rest.RESTNode.doWebTrans(RESTNode.java:171) at com.itko.lisa.ws.rest.RESTNodeBase.execute(RESTNodeBase.java:380) at com.itko.lisa.test.TestNode.executeNode(TestNode.java:984) at com.itko.lisa.test.TestCase.execute(TestCase.java:1297) at com.itko.lisa.test.TestCase.execute(TestCase.java:1198) at com.itko.lisa.test.TestCase.executeNextNode(TestCase.java:1183) at com.itko.lisa.editor.WalkThruPanel.prepAndExecNode(WalkThruPanel.java:1115) at com.itko.lisa.editor.WalkThruPanel.access$900(WalkThruPanel.java:73) at com.itko.lisa.editor.WalkThruPanel$10.doCallback(WalkThruPanel.java:1017) at com.itko.util.swing.panels.ProcessingDialog$2.run(ProcessingDialog.java:195) at java.lang.Thread.run(Thread.java:745) ============================================================================ 

Venkat,

In the Workstation, under the Help menu, there is an HTTP/SSL Debug option.

Close your test case and open it again, then go to the Help menu and select HTTP/SSL Debug.

It should open the HTTP/SSL Debug at the bottom of your Workstation.

Execute the HTTPS request.

Copy the whole information under the HTTP/SSL debug and post it here.

Thank you,

Heloisa

I have https.protocols=TLSv1.2,TLSv1.1,TLSv1 only in local.vse.properties.

[ 1] ***
[ 1] found key for : lisa
[ 1] chain [0] = [
[ 1] [
[ 1] Version: V3
[ 1] Subject: CN=Lisa, OU=Lisa, O=Lisa, L=Dallas, ST=Texas, C=US, EMAILADDRESS=support@itko.com
[ 1] Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
[ 1]
[ 1] Key: Sun RSA public key, 1024 bits
[ 1] modulus: 107577342571485428802393728049184265786056348388364405824138117397977455761833138845329880593678805610027793821217939298848284286683543926634250841496293888229172692948746730869670908754188073542091973621265074265583182385560072567366227383567380577316296862528343858318946945517967854106447414857653511333997
[ 1] public exponent: 65537
[ 1] Validity: [From: Sat Aug 21 00:07:30 CST 2010,
[ 1] To: Wed Jan 06 00:07:30 CST 2038]
[ 1] Issuer: CN=Lisa, OU=Lisa, O=Lisa, L=Dallas, ST=Texas, C=US, EMAILADDRESS=support@itko.com
[ 1] SerialNumber: [ 4c6ea842]
[ 1]
[ 1] ]
[ 1] Algorithm: [SHA1withRSA]
[ 1] Signature:
[ 1] 0000: 2B 7F 77 08 DE 2F 74 E3 CD 0F 58 D8 57 D9 08 2E +.w../t...X.W...
[ 1] 0010: AC 57 A7 02 81 07 B7 F8 5B 68 AE 22 22 C6 75 EE .W......[h."".u.
[ 1] 0020: C2 41 B6 23 DE ED 17 F8 21 AE 3B ED B6 EA 1A 17 .A.#....!.;.....
[ 1] 0030: A4 5F 95 FD BE AE 74 DA 75 64 19 D6 60 0A 63 61 ._....t.ud..`.ca
[ 1] 0040: B6 2A E1 FB 06 C5 36 E5 00 0C EB 20 EF FA 82 29 .*....6.... ...)
[ 1] 0050: 40 39 EA 61 3A 27 CF 4F 00 18 33 E8 31 4C E4 C5 @9.a:'.O..3.1L..
[ 1] 0060: 44 98 60 15 80 FE 85 FB BF BD 95 AB 35 14 F7 16 D.`.........5...
[ 1] 0070: 9D 58 F5 26 10 B7 76 7D 43 20 A7 4B F4 ED EE CF .X.&..v.C .K....
[ 1]
[ 1] ]
[ 1] ***
[ 1] X509KeyManager passed to SSLContext.init(): need an X509ExtendedKeyManager for SSLEngine use
[ 1] trigger seeding of SecureRandom
[ 1] done seeding SecureRandom
[ 1] ProcDlgThreadCallbk@47748e2e, setSoTimeout(180000) called
[ 1] Allow unsafe renegotiation: false
[ 1] Allow legacy hello messages: true
[ 1] Is initial handshake: true
[ 1] Is secure renegotiation: false
[ 1] Ignoring disabled protocol: SSLv3
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 for TLSv1
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DH_anon_WITH_AES_256_GCM_SHA384
[ 1] Ignoring unsupported cipher suite: TLS_DH_anon_WITH_AES_128_GCM_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DH_anon_WITH_AES_256_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_DH_anon_WITH_AES_128_CBC_SHA256
[ 1] Ignoring unsupported cipher suite: TLS_RSA_WITH_NULL_SHA256
[ 1] %% No cached client session
[ 1] *** ClientHello, TLSv1
[ 1] RandomCookie: GMT: 1521253092 bytes = { 202, 119, 205, 138, 39, 171, 104, 168, 201, 67, 180, 230, 31, 108, 217, 200, 65, 227, 70, 19, 13, 139, 213, 49, 71, 221, 196, 119 }
[ 1] Session ID: {}
[ 1] Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV, TLS_ECDH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_ECDH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_ECDH_anon_WITH_3DES_EDE_CBC_SHA, SSL_DH_anon_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_DH_anon_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA, SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA, TLS_ECDHE_ECDSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_NULL_SHA, SSL_RSA_WITH_NULL_SHA, TLS_ECDH_ECDSA_WITH_NULL_SHA, TLS_ECDH_RSA_WITH_NULL_SHA, TLS_ECDH_anon_WITH_NULL_SHA, SSL_RSA_WITH_NULL_MD5, TLS_KRB5_WITH_3DES_EDE_CBC_SHA, TLS_KRB5_WITH_3DES_EDE_CBC_MD5, TLS_KRB5_WITH_DES_CBC_SHA, TLS_KRB5_WITH_DES_CBC_MD5, TLS_KRB5_EXPORT_WITH_DES_CBC_40_SHA, TLS_KRB5_EXPORT_WITH_DES_CBC_40_MD5]
[ 1] Compression Methods: { 0 }
[ 1] Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1}
[ 1] Extension ec_point_formats, formats: [uncompressed]
[ 1] ***
[ 1] ProcDlgThreadCallbk@47748e2e, WRITE: TLSv1 Handshake, length = 205
[ 1] ProcDlgThreadCallbk@47748e2e, WRITE: SSLv2 client hello message, length = 209
[ 1] ProcDlgThreadCallbk@47748e2e, READ: TLSv1.2 Alert, length = 2
[ 1] ProcDlgThreadCallbk@47748e2e, RECV TLSv1.2 ALERT: fatal, handshake_failure
[ 1] ProcDlgThreadCallbk@47748e2e, called closeSocket()
[ 1] ProcDlgThreadCallbk@47748e2e, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ 1] ProcDlgThreadCallbk@47748e2e, called close()
[ 1] ProcDlgThreadCallbk@47748e2e, called closeInternal(true)
[ 1] [SSL Handshake Summary] Thread [ProcDlgThreadCallbk@47748e2e]
[ 1] [SSL Handshake Summary] Can not be sure if Client or Server
[ 1] [SSL Handshake Summary] *†‡ indicates linked optional steps
[ 1] [SSL Handshake Summary]
[ 1] [SSL Handshake Summary] 1 RUN Client Hello -->
[ 1] [SSL Handshake Summary] 2 UNKNOWN <-- Server Hello
[ 1] [SSL Handshake Summary] 3* UNKNOWN <-- Server Certificate (Public Key)
[ 1] [SSL Handshake Summary] 4† UNKNOWN <-- Request Client Certificate
[ 1] [SSL Handshake Summary] 5* UNKNOWN Verify and Trust Server Certificate v
[ 1] [SSL Handshake Summary] 6‡ UNKNOWN <-- Server Key Exchange
[ 1] [SSL Handshake Summary] 7 UNKNOWN <-- Server Hello Done
[ 1] [SSL Handshake Summary] 8† UNKNOWN Client Certificate (Public Key) -->
[ 1] [SSL Handshake Summary] 9† UNKNOWN v Verify and Trust Client Certificate
[ 1] [SSL Handshake Summary] 10 UNKNOWN Client Key Exchange -->
[ 1] [SSL Handshake Summary] 11† UNKNOWN Certificate Verify Confirmation -->
[ 1] [SSL Handshake Summary] 12 UNKNOWN Client Change Cipher Spec -->
[ 1] [SSL Handshake Summary] 13 UNKNOWN Client Finished -->
[ 1] [SSL Handshake Summary] 14 UNKNOWN <-- Server Change Cipher Spec
[ 1] [SSL Handshake Summary] 15 UNKNOWN <-- Server Finished
[ 1] [SSL Handshake Summary]
[ 1] [SSL Handshake Summary] RECV TLSv1.2 ALERT: fatal, handshake_failure
[ 1] [SSL Handshake Summary] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
[ 1] [SSL Handshake Summary] See Alert or Exception for details

Venkat,

It looks like the Workstation is still using TLSv1 and the endpoint is not accepting.

*** ClientHello, TLSv1

...

...

 ProcDlgThreadCallbk@47748e2e, RECV TLSv1.2 ALERT: fatal, handshake_failure

Make sure you have the https.protocols=TLSv1.2 set in the correct local.properties.

While running in the ITR, this property needs to be in the local.properties of your Workstation.

The property also needs to be in the local.properties of your VSE during playback.

Don't forget you need to restart the component after you modify the properties files.

If you are still having problems, try to add the following property to the vmoptions for Workstation (Workstation.vmoptions) and VSE (VirtualServiceEnvironmentService.vmoptions):

-Dhttps.protocols=TLSv1.2

Hope it helps.

Heloisa