Getting SSLHandshake Exception between two Websphere Servers

Question

There are 2 Websphere servers. First is Client and Second is Server (8.5.5.13).

An End-User makes a SOAP request to Client. Client receives the request, do some processing and then makes a REST request to the Server.

When the Server receives the request from Client it throws the below exception.

ERROR 22304 --- [ebContainer : 2] c.i.w.s.c.impl.SSLHandshakeErrorTracker : SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported

We have tested after enabling TLSv1.2 and then TLSv1 at the our Server level. We have exported the certificate from the Server and added in the Client trust store as well. But still we are not able to resolve the error.

Questions:
1. Do we need to keep the same TLS version at our Server which is present in the Client WebSphere?
2. We have deployed our application is java7. Is it due to Java version we are facing the issue?
3. Is it due to Certificate only, or something else?

When we disable the Global security at our Server then the request is processing correctly.

Answer 1

This error was due to the TLS version incompitability at Server. The client was sending the request using TLSv1 and server has TLSv1.2 enabled in it. For SSL handshake, the first thing is TLS compitability. The client and server should have same TLS versions.

After this if you are using one way SSL handshake, then the certificate from the server machine needs to extract and the same should be installed in the Client machine. This way SSL Handshake will happen.