?
Solved

SSL Handshake Failure

Posted on 2007-03-20
7
Medium Priority
?
3,132 Views
Last Modified: 2013-12-10
Hi,
Our Weblogic 8.1 SP2 application server communicates with a remote server using SSL. We had to perform a system reboot  today but soon after the service began to fail with the error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

We compared the certificates in the keystore on both servers and they are the same.. The last time anyone messed around these keystores was about 8 months ago but since then everything was perfectly working.

We ran a openssl test from another machine against our Application server and came up with the following:

openssl s_client -debug -showcerts -state -host 192.168.5.10 -port 7013

 

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0814FE10 [08150448] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 08 3d 21 c6 .............=!.
0060 - 82 8c 2a 19 45 05 fd b8-4b b7 35 96 ef 85 1c 03 ..*.E...K.5.....
0070 - 22 6c a2 b4 00 b1 a4 c1-ae b3 9e 71 "l.........q
SSL_connect:SSLv2/v3 write client hello A
read from 0814FE10 [081559A8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
7370:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455

Any ideas of what could be wrong and suggestions to resolve this ?

thnx
sg
0
Comment
Question by:sgaucho
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 18760173
Make sure the cert hasn't expired
0
 

Author Comment

by:sgaucho
ID: 18760199
nope.. thats not it.. and as per what I posted above, the error is occuring even before the HandShake ! - "SSL23_GET_SERVER_HELLO"
0
 

Author Comment

by:sgaucho
ID: 18760212
Valid from: Wed May 04 11:54:10 WEST 2005 until: Sun Apr 27 11:39:10 WEST 2008
0
Get MongoDB database support online, now!

At Percona’s web store you can order your MongoDB database support needs in minutes. No hassles, no fuss, just pick and click. Pay online with a credit card. Handle your MongoDB database support now!

 
LVL 86

Expert Comment

by:CEHJ
ID: 18760234
OK. Sure you haven't started the server with a different runtime?
0
 

Author Comment

by:sgaucho
ID: 18760253
sorry.. didnt get that.. u mean a different JVM ? If Yes, no.. its the same old JVM..

thnx
0
 
LVL 1

Accepted Solution

by:
sands76 earned 880 total points
ID: 18762640
hi,

Add the following to your weblogic startup script ->
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true. This should help debug your ssl connection. Also check whether you have all the certificates in your server the same as in the remote server.

see http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1174543 for more info
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 18764249
What did the above reveal?
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the developers using Tomcat find it easy to configure the datasource in Server.xml and use the JNDI name in the code to get the connection.  So the default connection pool using DBCP (or any other framework) is made available and the life go…
Go is an acronym of golang, is a programming language developed Google in 2007. Go is a new language that is mostly in the C family, with significant input from Pascal/Modula/Oberon family. Hence Go arisen as low-level language with fast compilation…
Viewers will learn about basic arrays, how to declare them, and how to use them. Introduction and definition: Declare an array and cover the syntax of declaring them: Initialize every index in the created array: Example/Features of a basic arr…
This tutorial covers a step-by-step guide to install VisualVM launcher in eclipse.
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question