• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3141
  • Last Modified:

SSL Handshake Failure

Hi,
Our Weblogic 8.1 SP2 application server communicates with a remote server using SSL. We had to perform a system reboot  today but soon after the service began to fail with the error "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure"

We compared the certificates in the keystore on both servers and they are the same.. The last time anyone messed around these keystores was about 8 months ago but since then everything was perfectly working.

We ran a openssl test from another machine against our Application server and came up with the following:

openssl s_client -debug -showcerts -state -host 192.168.5.10 -port 7013

 

CONNECTED(00000003)
SSL_connect:before/connect initialization
write to 0814FE10 [08150448] (124 bytes => 124 (0x7C))
0000 - 80 7a 01 03 01 00 51 00-00 00 20 00 00 16 00 00 .z....Q... .....
0010 - 13 00 00 0a 07 00 c0 00-00 66 00 00 05 00 00 04 .........f......
0020 - 03 00 80 01 00 80 08 00-80 00 00 65 00 00 64 00 ...........e..d.
0030 - 00 63 00 00 62 00 00 61-00 00 60 00 00 15 00 00 .c..b..a..`.....
0040 - 12 00 00 09 06 00 40 00-00 14 00 00 11 00 00 08 ......@.........
0050 - 00 00 06 00 00 03 04 00-80 02 00 80 08 3d 21 c6 .............=!.
0060 - 82 8c 2a 19 45 05 fd b8-4b b7 35 96 ef 85 1c 03 ..*.E...K.5.....
0070 - 22 6c a2 b4 00 b1 a4 c1-ae b3 9e 71 "l.........q
SSL_connect:SSLv2/v3 write client hello A
read from 0814FE10 [081559A8] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 28 ......(
SSL3 alert read:fatal:handshake failure
SSL_connect:error in SSLv2/v3 read server hello A
7370:error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure:s23_clnt.c:455

Any ideas of what could be wrong and suggestions to resolve this ?

thnx
sg
0
sgaucho
Asked:
sgaucho
  • 3
  • 3
1 Solution
 
CEHJCommented:
Make sure the cert hasn't expired
0
 
sgauchoAuthor Commented:
nope.. thats not it.. and as per what I posted above, the error is occuring even before the HandShake ! - "SSL23_GET_SERVER_HELLO"
0
 
sgauchoAuthor Commented:
Valid from: Wed May 04 11:54:10 WEST 2005 until: Sun Apr 27 11:39:10 WEST 2008
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
CEHJCommented:
OK. Sure you haven't started the server with a different runtime?
0
 
sgauchoAuthor Commented:
sorry.. didnt get that.. u mean a different JVM ? If Yes, no.. its the same old JVM..

thnx
0
 
sands76Commented:
hi,

Add the following to your weblogic startup script ->
-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true. This should help debug your ssl connection. Also check whether you have all the certificates in your server the same as in the remote server.

see http://e-docs.bea.com/wls/docs81/secmanage/ssl.html#1174543 for more info
0
 
CEHJCommented:
What did the above reveal?
0

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now