0

I had the client server connection working earlier, but it stopped working since few months. Below are the logs I found.

To fix this, I have imported the server's Base-64 encoded x.509 cert into the client's IBM Websphere Keystore. But it didn't make any difference!

What could be the issue?

[1/29/18 15:25:04:701 EST] 000000be XXLogger E User: [system] App: [com.xx.xyz.atom.UvwConnector] java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at org.apache.abdera.protocol.client.AbderaClient.execute(AbderaClient.java:701) 
    at org.apache.abdera.protocol.client.AbderaClient.get(AbderaClient.java:216) 
    at org.apache.abdera.protocol.client.AbderaClient.get(AbderaClient.java:404) 
    at com.xx.xyz.atom.UvwConnector.callUvwGetString(UvwConnector.java:326) 
    at com.xx.xyz.atom.UvwConnector.callUvwLearning(UvwConnector.java:298) 
    at com.xx.xyz.atom.UvwConnector.getAllCourses(UvwConnector.java:42) 
    at com.xx.xyz.web.SearchListServlet.doPost(SearchListServlet.java:35) 
    at com.xx.xyz.web.SearchListServlet.doGet(SearchListServlet.java:26) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1225) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:775) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:457) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178) 
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1032) 
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87) 
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:908) 
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662) 
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:283) 
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) 
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1815) 
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at com.ibm.jsse2.o.a(o.java:31) 
    at com.ibm.jsse2.o.a(o.java:37) 
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:468) 
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:527) 
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:554) 
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:234) 
    at com.ibm.jsse2.k.write(k.java:24) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:76) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:134) 
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) 
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565) 
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) 
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) 
    at org.apache.abdera.protocol.client.AbderaClient.execute(AbderaClient.java:688) 
    ... 32 more
Stranger
  • 147
  • 2
  • 15
  • You may not be using a WebSphere SSL configuration. If you add the servers certificate to the JDK's cacerts file do things work? You are using HttpClient, are you calling it with the useSystemProperties() option? Without the useSystemProperties() option HttpClient will not use WebSphere SSLContext. – Alaine Mar 05 '18 at 17:24

1 Answers1

0

"Handshake failure" often means there is no overlap between the server's TLS level (e.g. TLS1.2) and cipher suites, and what your WebSphere can handle.

I'd run a test like https://www.ssllabs.com/ssltest/ against the server, then look at your QoP settings in WebSphere Security > SSL certificate and key management > SSL configurations

dbreaux
  • 4,982
  • 1
  • 25
  • 64