Not able to connect to server through java code. Getting javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Solution 1
I am new to rest-assured, but the java SSL problems like handshake_failure
are usually the same:
- Incompatible cipher suites: The client has to use a cipher suite enabled by the server
- Incompatible versions of SSL/TLS: The client have to ensure that it uses a compatible version. For example the server might force TLS1.2 that is not enabled by default in java7
- Incomplete trust path for the server certificate: the server certificate is probably not trusted by the client. Usually the fix is to import the server certificate chain in into the client trust store.
- Bad server config, like certificate issued to a different domain or certificate chain incomplete. In the case the fix is on server part
To detect the cause the following environment variable can be set to verbose the protocol details
-Djavax.net.debug=ssl
For your specific issue with SSL, take a look at rest assured ssl documentation https://github.com/rest-assured/rest-assured/wiki/Usage#ssl
First you can try to disable usual https verification
given().relaxedHTTPSValidation().when().get("https://some_server.com"). ..
If it works, create a JKS truststore with the certificates of the server
1)Download them from the server (click on browser green lock and download each one) 2) Create the JKS with keytool and import the trusted certificates. Follow the guide in rest-assured guide or use portecle 3) Configure truststore in JKS
given().keystore("/pathToJksInClassPath", <password>). ..
If you need client authentication ( I think no), check this post How to make HTTPS GET call with certificate in Rest-Assured java
If nothing of this works for you, do not forget todebug the SSL connection with
-Djavax.net.debug=ssl
Ensure that the algorithm of your server is supported by your client. For example if you use Java7, TLS1.2 is not enabled by default
Solution 2
Try overriding the apache HTTP Client version--upgrading it to 4.5.3 in my pom.xml file fixed it for me.
kaizen
Updated on July 23, 2022Comments
-
kaizen almost 2 years
I am trying to build a Test Automation Tool for REST API on AWS using rest-assured framework. I just tried with a simple HTTP POST and checking the output JSON body. But when I run that in Eclipse I get SSLHandshakeException. I did try to look into the issue and found it could be something related to server certificate (Received fatal alert: handshake_failure through SSLHandshakeException) but when I test it through POSTMAN it is running fine and gives desired output. Also if I hit the URI through the browser does gets the response from the server(Error message). I am novice to SSL programming and will like to know what could be the root cause behind it and how I can fix that and proceed.
Here is the code snippet for my test method.
public class First { @Test public void myFirstRestAssuredTest() { given().header("content-type", "application/json").and().header("cache-control", "no-cache").expect().body("messageType", equalTo("XYZ")).when().post(https://my-server-address.com/postUpdate"); } }
This is the stack trace I am getting :
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) at sun.security.ssl.Alerts.getSSLException(Alerts.java:154) at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023) at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125) at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:553) at org.apache.http.conn.ssl.SSLSocketFactory.connectSocket(SSLSocketFactory.java:412) at org.apache.http.impl.conn.DefaultClientConnectionOperator.openConnection(DefaultClientConnectionOperator.java:179) at org.apache.http.impl.conn.ManagedClientConnectionImpl.open(ManagedClientConnectionImpl.java:328) at org.apache.http.impl.client.DefaultRequestDirector.tryConnect(DefaultRequestDirector.java:612) at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:447) at org.apache.http.impl.client.AbstractHttpClient.doExecute(AbstractHttpClient.java:884) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:82) at org.apache.http.impl.client.CloseableHttpClient.execute(CloseableHttpClient.java:55) at org.apache.http.client.HttpClient$execute$0.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133) at io.restassured.internal.RequestSpecificationImpl$RestAssuredHttpBuilder.doRequest(RequestSpecificationImpl.groovy:2028) at io.restassured.internal.http.HTTPBuilder.post(HTTPBuilder.java:349) at io.restassured.internal.http.HTTPBuilder$post$2.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133) at io.restassured.internal.RequestSpecificationImpl.sendRequest(RequestSpecificationImpl.groovy:1202) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1212) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1021) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:812) at io.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy) at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:48) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:149) at io.restassured.internal.filter.SendRequestFilter.filter(SendRequestFilter.groovy:30) at io.restassured.filter.Filter$filter$0.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at io.restassured.filter.Filter$filter.call(Unknown Source) at io.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:72) at io.restassured.filter.time.TimingFilter.filter(TimingFilter.java:56) at io.restassured.filter.Filter$filter.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:141) at io.restassured.internal.filter.FilterContextImpl.next(FilterContextImpl.groovy:72) at io.restassured.filter.FilterContext$next.call(Unknown Source) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCall(CallSiteArray.java:48) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:113) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.call(AbstractCallSite.java:133) at io.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1631) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1212) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1021) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:812) at io.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy) at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:48) at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:58) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:182) at io.restassured.internal.RequestSpecificationImpl.applyPathParamsAndSendRequest(RequestSpecificationImpl.groovy:1637) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.codehaus.groovy.reflection.CachedMethod.invoke(CachedMethod.java:93) at groovy.lang.MetaMethod.doMethodInvoke(MetaMethod.java:325) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1212) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:1021) at groovy.lang.MetaClassImpl.invokeMethod(MetaClassImpl.java:812) at io.restassured.internal.RequestSpecificationImpl.invokeMethod(RequestSpecificationImpl.groovy) at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.call(PogoInterceptableSite.java:48) at org.codehaus.groovy.runtime.callsite.PogoInterceptableSite.callCurrent(PogoInterceptableSite.java:58) at org.codehaus.groovy.runtime.callsite.CallSiteArray.defaultCallCurrent(CallSiteArray.java:52) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:154) at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callCurrent(AbstractCallSite.java:182) at io.restassured.internal.RequestSpecificationImpl.post(RequestSpecificationImpl.groovy:170) at io.restassured.internal.RequestSpecificationImpl.post(RequestSpecificationImpl.groovy) at restassuredtest.First.myFirstRestAssuredTest(First.java:34) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:498) at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:47) at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12) at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:44) at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17) at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:271) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:70) at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:50) at org.junit.runners.ParentRunner$3.run(ParentRunner.java:238) at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:63) at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:236) at org.junit.runners.ParentRunner.access$000(ParentRunner.java:53) at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:229) at org.junit.runners.ParentRunner.run(ParentRunner.java:309) at org.eclipse.jdt.internal.junit4.runner.JUnit4TestReference.run(JUnit4TestReference.java:86) at org.eclipse.jdt.internal.junit.runner.TestExecution.run(TestExecution.java:38) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:459) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.runTests(RemoteTestRunner.java:675) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.run(RemoteTestRunner.java:382) at org.eclipse.jdt.internal.junit.runner.RemoteTestRunner.main(RemoteTestRunner.java:192)
Logs after adding certificates in caserts file.
trigger seeding of SecureRandom done seeding SecureRandom Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_DHE_DSS_WITH_AES_256_CBC_SHA256 Ignoring unavailable cipher suite: TLS_DHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA Ignoring unavailable cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 main, setSoTimeout(0) called Allow unsafe renegotiation: false Allow legacy hello messages: true Is initial handshake: true Is secure renegotiation: false Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1 Ignoring unsupported cipher suite: TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 for TLSv1.1 Ignoring unsupported cipher suite: TLS_DHE_DSS_WITH_AES_128_CBC_SHA256 for TLSv1.1 %% No cached client session *** ClientHello, TLSv1.2 RandomCookie: GMT: 1465583840 bytes = { 89, 209, 72, 175, 175, 187, 136, 39, 217, 133, 241, 84, 37, 130, 134, 92, 132, 179, 147, 40, 230, 111, 93, 56, 71, 15, 75, 197 } Session ID: {} Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV] Compression Methods: { 0 } Extension elliptic_curves, curve names: {secp256r1, sect163k1, sect163r2, secp192r1, secp224r1, sect233k1, sect233r1, sect283k1, sect283r1, secp384r1, sect409k1, sect409r1, secp521r1, sect571k1, sect571r1, secp160k1, secp160r1, secp160r2, sect163r1, secp192k1, sect193r1, sect193r2, secp224k1, sect239k1, secp256k1} Extension ec_point_formats, formats: [uncompressed] Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA *** main, WRITE: TLSv1.2 Handshake, length = 193 main, READ: TLSv1.2 Alert, length = 2 main, RECV TLSv1.2 ALERT: fatal, handshake_failure main, called closeSocket() main, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure main, called close() main, called closeInternal(true)
Update 6/14/2016
OpenSSL> s_client -connect my_server_name.amazonaws.com:443 -tls1 -servername www.amazon.com -CAfile aws3.pem CONNECTED(0000016C) depth=2 C = US, O = "VeriSign, Inc.", OU = VeriSign Trust Network, OU = "(c) 2006 VeriSign, Inc. - For authorized use only", CN = VeriSign Class 3 Public Primary Certification Authority - G5 verify return:1 depth=1 C = US, O = Symantec Corporation, OU = Symantec Trust Network, CN = Symantec Class 3 Secure Server CA - G4 verify return:1 depth=0 C = US, ST = Washington, L = Seattle, O = "Amazon.com, Inc.", CN = *.cloudfront.net verify return:1 --- Certificate chain 0 s:/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.cloudfront.net i:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 1 s:/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 i:/C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5 --- Server certificate -----BEGIN CERTIFICATE----- MIIE6TCCA9GgAwIBAgIQda4+BvJnDaiKn2CAMJPnfTANBgkqhkiG9w0BAQsFADB+ MQswCQYDVQQGEwJVUzEdMBsGA1UEChMUU3ltYW50ZWMgQ29ycG9yYXRpb24xHzAd BgNVBAsTFlN5bWFudGVjIFRydXN0IE5ldHdvcmsxLzAtBgNVBAMTJlN5bWFudGVj IENsYXNzIDMgU2VjdXJlIFNlcnZlciBDQSAtIEc0MB4XDTE1MDkxNzAwMDAwMFoX DTE2MTIxNTIzNTk1OVowajELMAkGA1UEBhMCVVMxEzARBgNVBAgMCldhc2hpbmd0 b24xEDAOBgNVBAcMB1NlYXR0bGUxGTAXBgNVBAoMEEFtYXpvbi5jb20sIEluYy4x GTAXBgNVBAMMECouY2xvdWRmcm9udC5uZXQwggEiMA0GCSqGSIb3DQEBAQUAA4IB DwAwggEKAoIBAQCDrJ0Z2KMhNFvi0Ugsb2PafdUkq5xQSr+LN9j3iyVm3RrsLGDQ DE/pn/Xu2wHLMHhEh9XqeNhH/k2sMCjLb/YWJ+Ko17cWSV/PyjarTcG7c7w9NyYL SIbdWBdWYxgrbQH78haPQRYvvkRavuuzfr8jPAwEMadHpFC7pzPzkBomAKTKCN6X wm5TQpT9BIKqEIepwh17Q0BZoa0ptqxEU1hGtl6JGwyRGA9H0gMBjwgTUJeHOeX5 Qrdh0pc5CLjZivmvSc/4MldGvbkvBAXeFli8ag833KtN5c+yDtegynjpQFWZ6Gzw vJxeUZLpxgKAuuVwcNf170VuqCBnaOEiwm/TAgMBAAGjggF1MIIBcTArBgNVHREE JDAigg5jbG91ZGZyb250Lm5ldIIQKi5jbG91ZGZyb250Lm5ldDAJBgNVHRMEAjAA MA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUHAwIw YQYDVR0gBFowWDBWBgZngQwBAgIwTDAjBggrBgEFBQcCARYXaHR0cHM6Ly9kLnN5 bWNiLmNvbS9jcHMwJQYIKwYBBQUHAgIwGRoXaHR0cHM6Ly9kLnN5bWNiLmNvbS9y cGEwHwYDVR0jBBgwFoAUX2DPYZBV34RDFIpgKrL1evRDGO8wKwYDVR0fBCQwIjAg oB6gHIYaaHR0cDovL3NzLnN5bWNiLmNvbS9zcy5jcmwwVwYIKwYBBQUHAQEESzBJ MB8GCCsGAQUFBzABhhNodHRwOi8vc3Muc3ltY2QuY29tMCYGCCsGAQUFBzAChhpo dHRwOi8vc3Muc3ltY2IuY29tL3NzLmNydDANBgkqhkiG9w0BAQsFAAOCAQEANKKz U35E8ayXRcwY8N7KjpiDSfryEuUXw3wiOBrH0IoHbaQcdfqmwe4EmGOPrz6l+FKw 97Qv4BiwNYBW/Vp3H4oeikx7Tc0iYkLKarfjufykAm8DaWwcbe2Q540bZP1tIBTE RzkMmbBI0fgTUAgM1/ts7upvwJTTOIvpypQRN+M1S/iELdK7bNUxX8wT2lDAdT3O scE5btZGhLPCNE7fOCfGxfGE8GHD26+lTcWdAa7cqskIVWBEMttpb9rzm00uzBbx Q5VxsnxdDxywkmTah0Zprw/J68y4O1rhsluDQoBHfkd8ggk1pOQay/9TuqSRO/b7 uVRSvs/HJXLwRXiJKA== -----END CERTIFICATE----- subject=/C=US/ST=Washington/L=Seattle/O=Amazon.com, Inc./CN=*.cloudfront.net issuer=/C=US/O=Symantec Corporation/OU=Symantec Trust Network/CN=Symantec Class 3 Secure Server CA - G4 --- No client certificate CA names sent Server Temp Key: ECDH, P-256, 256 bits --- SSL handshake has read 3284 bytes and written 356 bytes --- New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES128-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1 Cipher : ECDHE-RSA-AES128-SHA Session-ID: EE111BD2FFFE75AF719AD48D6D07D2CBB1A9B078CE8CF9F1E47D3CE0D9F8CF86 Session-ID-ctx: Master-Key: 507ADD06A6B1729AD4B0441AB124C7F2CE5FD492B08527CE5FFE62DAE7B0FF7A6EE8D53401978BAAC75F62FBA1F289D5 Key-Arg : None PSK identity: None PSK identity hint: None SRP username: None TLS session ticket lifetime hint: 10800 (seconds) TLS session ticket: 0000 - c5 40 de d4 76 bc 79 07-a4 87 5f 8d 99 38 c8 92 [email protected]..._..8.. 0010 - e5 b0 b4 b3 f1 b6 92 18-d6 d8 94 18 56 27 fa de ............V'.. 0020 - 0d 7b 8a ac e0 f7 7e 68-c5 7e a4 7e 73 78 b0 45 .{....~h.~.~sx.E 0030 - 06 70 10 34 54 37 ce ff-01 d5 62 20 2a b9 2e 7d .p.4T7....b *..} 0040 - 9e 24 72 a9 b7 37 54 d5-1c 0e 9e 63 84 1f 09 2c .$r..7T....c..., 0050 - c6 4c 44 c5 f2 ea 07 23-40 a1 38 d4 d5 77 c8 4a .LD....#@.8..w.J 0060 - 12 3f b1 91 7c e0 40 07-3f 66 bf 3c 30 02 d6 a5 .?..|.@.?f.<0... 0070 - 9e 46 f8 97 27 c7 35 9f-44 9d 7b 93 66 ea 02 a8 .F..'.5.D.{.f... 0080 - 32 ec b0 4d 56 6d eb 77-22 df da e9 63 64 f3 70 2..MVm.w"...cd.p 0090 - 2e af 52 c8 c9 89 6e 37-63 5a b2 d1 ca ea 9a 43 ..R...n7cZ.....C 00a0 - 16 e5 7b f0 f6 dc 10 9a-20 06 fe c8 c7 9f 24 12 ..{..... .....$. Start Time: 1465936365 Timeout : 7200 (sec) Verify return code: 0 (ok) --- closed
-
kaizen almost 8 yearsI tried the above steps but still I am not able to proceed. For your last point I did checked about TLS1.2 compatibility it is defualt for Java 1.8 [link]( blogs.oracle.com/java-platform-group/entry/java_8_will_use_tls ). Also, after debugging the SSL connection it shows the certificates I have added into the cacerts file but still its gives handshake exception. Can you think of something else for this issue?
-
pedrofb almost 8 yearsCheck your server with SSLlabs looking for errors and supported config. Also you could attach the ssl debug log so we can take a look
-
kaizen almost 8 yearsI have added the logs in my original post. The logs are after the trusted certs details.
-
pedrofb almost 8 yearsYou checked the server with SSLLabs?
-
kaizen almost 8 yearsYa I did that. Any specific thing I should check in SSLLabs for my server?
-
pedrofb almost 8 yearsLook for issues with certificate or chain. Ensure all is 'green'. Tlsv1.2 enabled. I can not set anything at logs. The handshake is using tlsv1.2? Check if client cipher suite is compatible wih server cipher suite
-
kaizen almost 8 yearsThis is what I got now when I ran again : Chain issues None , Protocols TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No, Server sent fatal alert: handshake_failure for - IE 6/XP, IE 8/XP, Java 6u45
-
kaizen almost 8 yearsFor Java8 details in SSLLabs, under Protocol details there is NO for SSL 2 handshake compatibility.
-
pedrofb almost 8 yearsExcept handshake_failure for java6, everything is normal. One additional check. ¿Are you using the unlimited security policy of java 8? You have to download and install. This will unlock additional ciphers. Please install it, debug the CLIENT HELLO and SERVER HELLO, and be aware about the cipher list sent by the client, the list received from server, and check that are at least one in common
-
kaizen almost 8 yearsJust tried with installing security policy for java 8 but still the same case/ Getting same exception!!
-
kaizen almost 8 yearsCan it be something from the server side? I just tried to make a connection without REST Assured from Java using simple URL and HttpsURLConnection and I got 403 - forbidden. But it does work using POSTMAN. Still can there be some parameters which need to be set from the server?
-
pedrofb almost 8 yearsa 403 is a code returned by server after handshake, so it could be a bad configuration of rest-assured. It means that server is working propertly. I suggest build a fully functional java example without rest-assured, debug the ssl connection and check differences: protocol, ciphers and keystore to fix the problem
-
kaizen almost 8 yearsI tried a fully functional example using Apache HTTPClient and it is working fine with that and on comparing logs with rest assured one it has same protocol and ciphers and I have already added the keystore earlier. I also tried getting details using openSSL Client. I have added that in my original post. openSSL shows Protocol as TLSv1 but logs in Java shows TLSv1.2 but TLSv1.2 is backward compatible, so that won't be a problem I guess
-
pedrofb almost 8 yearsMaybe a bug?. It is possibe for you updating to newest versión or downgrade to latest stable? In this forum they also suggest use relaxedHTTPconfig or define your own sslsocketfactory groups.google.com/forum/m/#!topic/rest-assured/68MtRdXgoSg
-
kaizen almost 8 yearsI just came to post the same link, that it may be a bug in REST assured itself but you already posted the same link.. :) .. Also the workaround given in this forum seems obsolete and doesn't work with latest version. I need to check with earlier version though if it works.
-
kaizen almost 8 yearsAlso there is this latest conversation about the issue.
-
DerekD about 7 yearsAlso worked for me. Does not require relaxedHTTPSValidation either.
-
Harish Talanki almost 7 yearsThanks.. this worked for me!!! This is the dependency that I added, <dependency> <groupId>org.apache.httpcomponents</groupId> <artifactId>httpclient</artifactId> <version>4.5.3</version> </dependency>
-
chucknelson over 6 yearsYep - this rest-assured SSLHandshakeException issue seems related to a bug or unexpected behavior from httpclient 4.5.2. Can also confirm overriding with 4.5.3 resolved the problem.
-
dave_thompson_085 about 6 yearsYour bullets 3 and 4 (server cert issues) can cause failure of SSL/TLS handshake and SSLHandshakeException, but never the specific failure in this Q = "received fatal alert: handshake_failure". Another possibility, common since just about 2016 and especially for shared hosting like AWS/Cloudfront, is that the server requires SNI (ServerNameIndication) in ClientHello and the client didn't send it, which depends on Java version and code used, confirmed here by the posted debuglog. OTOH that googrope link is for "Path building failed" which is a cert issue.
-
Ewoks almost 5 yearsDid you resolved it at the end? Information about resolution would be very useful to others
-
Chandra Shekhar almost 4 yearsAdding relaxedHTTPSValidation() helped to remove SSLHandshakeException