Solved

SSL Handshake Failure

Posted on 2007-03-20
7
3,111 Views
Last Modified: 2013-12-10
Hi,
Our Weblogic 8.1 SP2 application server communicates with a remote server using SSL. We had to perform a system reboot  today but soon after the service began to fail with the error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

We compared the certificates in the keystore on both servers and they are the same.. The last time anyone messed around these keystores was about 8 months ago but since then everything was perfectly working.

We ran a openssl test from another machine against our Application server and came up with the following:

openssl s_client -debug -showcerts -state -host 192.168.5.10 -port 7013

 

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0814FE10 [08150448] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 08 3d 21 c6 .............=!.
0060 - 82 8c 2a 19 45 05 fd b8-4b b7 35 96 ef 85 1c 03 ..*.E...K.5.....
0070 - 22 6c a2 b4 00 b1 a4 c1-ae b3 9e 71 "l.........q
SSL_connect:SSLv2/v3 write client hello A
read from 0814FE10 [081559A8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
7370:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455

Any ideas of what could be wrong and suggestions to resolve this ?

thnx
sg
0
Comment
Question by:sgaucho
  • 3
  • 3
7 Comments
 
LVL 86

Expert Comment

by:CEHJ
ID: 18760173
Make sure the cert hasn't expired
0
 

Author Comment

by:sgaucho
ID: 18760199
nope.. thats not it.. and as per what I posted above, the error is occuring even before the HandShake ! - "SSL23_GET_SERVER_HELLO"
0
 

Author Comment

by:sgaucho
ID: 18760212
Valid from: Wed May 04 11:54:10 WEST 2005 until: Sun Apr 27 11:39:10 WEST 2008
0
Courses: Start Training Online With Pros, Today

Brush up on the basics or master the advanced techniques required to earn essential industry certifications, with Courses. Enroll in a course and start learning today. Training topics range from Android App Dev to the Xen Virtualization Platform.

 
LVL 86

Expert Comment

by:CEHJ
ID: 18760234
OK. Sure you haven't started the server with a different runtime?
0
 

Author Comment

by:sgaucho
ID: 18760253
sorry.. didnt get that.. u mean a different JVM ? If Yes, no.. its the same old JVM..

thnx
0
 
LVL 1

Accepted Solution

by:
sands76 earned 220 total points
ID: 18762640
hi,

Add the following to your weblogic startup script ->
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true. This should help debug your ssl connection. Also check whether you have all the certificates in your server the same as in the remote server.

see http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1174543 for more info
0
 
LVL 86

Expert Comment

by:CEHJ
ID: 18764249
What did the above reveal?
0

Featured Post

Gigs: Get Your Project Delivered by an Expert

Select from freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction This article is the first of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article explains our test automation goals. Then rationale is given for the tools we use to a…
Introduction This article is the last of three articles that explain why and how the Experts Exchange QA Team does test automation for our web site. This article covers our test design approach and then goes through a simple test case example, how …
The viewer will learn how to implement Singleton Design Pattern in Java.
This video teaches viewers about errors in exception handling.

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question