javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Document ID : KB000014151
Last Modified Date : 02/10/2018
Question:

When I make a call to the REST API using DevTest workstation, I am encountering the following errors: "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure". 

 | Message: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 

---------------------------------------------------------------------------- 
| Trapped Exception: Received fatal alert: handshake_failure 
| Trapped Message: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
---------------------------------------------------------------------------- 
STACK TRACE 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
at sun.security.ssl.Alerts.getSSLException(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.recvAlert(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 
at sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source) 

pool-1-thread-1, RECV TLSv1 ALERT:  fatal, internal_error

pool-1-thread-1, called closeSocket()

 

Environment:
All supported versions of DEVTEST
Answer:

To find out what is causing the handshake failure, we need to collect more detail about the SSL handshake.
In DevTest Workstation, the Help menu contains an HTTP/SSL Debug Viewer that lets us observe the details of HTTP and SSL activity in DevTest Workstation. This feature can be helpful in performing diagnostics.
The HTTP and SSL Debug Viewer documentation is available at the following link: https://docops.ca.com/devtest-solutions/10-4/en/using/using-ca-application-test/using-devtest-workstation-with-ca-application-test/running-test-cases-and-suites/http-and-ssl-debug-viewer/


One common cause of the handshake failure is the client application (DevTest Workstation) sending a request with a TLS version that the server does not support.
For example, DevTest Workstation uses TLSv1 and the server does not accept it.
In this case, the debug output will show something like:
*** ClientHello, TLSv1
...
...
If a TLSv... fatal alert appears a few lines later, the ClientHello may have been sent with a TLS version that the server does not support.
In this case, we need to update local.properties with the following property:
for TLS version 1.2:

https.protocols=TLSv1.2

for TLS version 1.1:

https.protocols=TLSv1.1

Save the properties file and restart the Workstation.

If the debug output shows that the server is requesting a certificate and the Workstation is not providing one for client authentication, we need to provide the client keystore for the REST step through the two properties below in local.properties:

ssl.client.cert.pass=[your keystore password]
ssl.client.cert.path=[path to your keystore]

In the path, use forward slashes ('/'), not backslashes. Example: c:/mykeystore.jks

Save the properties file and restart the Workstation.
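The two checks described above (a ClientHello sent with an old TLS version, and a server certificate request that goes unanswered) can be applied to saved debug output with a short script. This is an added example, not part of the original article or of DevTest; the sample lines are constructed in the style of the output quoted above, and the "*** CertificateRequest" marker is an assumption based on legacy JSSE debug logs.

```python
import re

# Line shapes follow the debug output quoted in this article. The
# "*** CertificateRequest" marker is an assumption (legacy JSSE debug format).
CLIENT_HELLO = re.compile(r"\*\*\* ClientHello, (TLSv[\d.]+|SSLv3)")
CERT_REQUEST = re.compile(r"\*\*\* CertificateRequest")
FATAL_ALERT = re.compile(r"RECV (\S+) ALERT:\s+fatal, (\w+)")

HINTS = {
    "protocol_version": "set https.protocols in local.properties, e.g. TLSv1.2",
    "client_cert": "set ssl.client.cert.path and ssl.client.cert.pass",
    "unknown": "neither cause covered in this article matches",
}

# Constructed sample: two failed handshakes, one per cause.
SAMPLE = """\
*** ClientHello, TLSv1
pool-1-thread-1, RECV TLSv1 ALERT:  fatal, handshake_failure
*** ClientHello, TLSv1.2
*** CertificateRequest
pool-1-thread-1, RECV TLSv1.2 ALERT:  fatal, handshake_failure
"""


def diagnose(debug_text):
    """Return one finding per fatal alert found in the debug output."""
    findings = []
    hello, cert_requested = None, False
    for line in debug_text.splitlines():
        m = CLIENT_HELLO.search(line)
        if m:
            # A new ClientHello starts a new handshake attempt.
            hello, cert_requested = m.group(1), False
        elif CERT_REQUEST.search(line):
            cert_requested = True
        elif (m := FATAL_ALERT.search(line)):
            if cert_requested:
                cause = "client_cert"
            elif hello in ("SSLv3", "TLSv1", "TLSv1.1"):
                cause = "protocol_version"
            else:
                cause = "unknown"
            findings.append({"hello": hello, "alert": m.group(2),
                             "cause": cause, "hint": HINTS[cause]})
            hello, cert_requested = None, False
    return findings


if __name__ == "__main__":
    for f in diagnose(SAMPLE):
        print(f)
```

The result is a hint about the likely cause, not proof: a fatal alert after a TLSv1 ClientHello can also come from a cipher suite mismatch, so confirm against the full debug output.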

Additional Information:

How to use different SSL Certificates for REST calls.