Search code examples
webspherekeystoresslhandshakeexception

java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

I had the client server connection working earlier, but it stopped working since few months. Below are the logs I found.

To fix this, I have imported the server's Base-64 encoded x.509 cert into the client's IBM Websphere Keystore. But it didn't make any difference!

What could be the issue?

[1/29/18 15:25:04:701 EST] 000000be XXLogger E User: [system] App: [com.xx.xyz.atom.UvwConnector] java.lang.RuntimeException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at org.apache.abdera.protocol.client.AbderaClient.execute(AbderaClient.java:701) 
    at org.apache.abdera.protocol.client.AbderaClient.get(AbderaClient.java:216) 
    at org.apache.abdera.protocol.client.AbderaClient.get(AbderaClient.java:404) 
    at com.xx.xyz.atom.UvwConnector.callUvwGetString(UvwConnector.java:326) 
    at com.xx.xyz.atom.UvwConnector.callUvwLearning(UvwConnector.java:298) 
    at com.xx.xyz.atom.UvwConnector.getAllCourses(UvwConnector.java:42) 
    at com.xx.xyz.web.SearchListServlet.doPost(SearchListServlet.java:35) 
    at com.xx.xyz.web.SearchListServlet.doGet(SearchListServlet.java:26) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:575) 
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:668) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.service(ServletWrapper.java:1225) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:775) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapper.handleRequest(ServletWrapper.java:457) 
    at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.handleRequest(ServletWrapperImpl.java:178) 
    at com.ibm.ws.webcontainer.filter.WebAppFilterManager.invokeFilters(WebAppFilterManager.java:1032) 
    at com.ibm.ws.webcontainer.servlet.CacheServletWrapper.handleRequest(CacheServletWrapper.java:87) 
    at com.ibm.ws.webcontainer.WebContainer.handleRequest(WebContainer.java:908) 
    at com.ibm.ws.webcontainer.WSWebContainer.handleRequest(WSWebContainer.java:1662) 
    at com.ibm.ws.webcontainer.channel.WCChannelLink.ready(WCChannelLink.java:195) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleDiscrimination(HttpInboundLink.java:459) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.handleNewRequest(HttpInboundLink.java:526) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.processRequest(HttpInboundLink.java:312) 
    at com.ibm.ws.http.channel.inbound.impl.HttpInboundLink.ready(HttpInboundLink.java:283) 
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) 
    at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) 
    at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:165) 
    at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) 
    at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) 
    at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) 
    at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) 
    at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) 
    at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) 
    at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1815) 
    Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
    at com.ibm.jsse2.o.a(o.java:31) 
    at com.ibm.jsse2.o.a(o.java:37) 
    at com.ibm.jsse2.SSLSocketImpl.b(SSLSocketImpl.java:468) 
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:527) 
    at com.ibm.jsse2.SSLSocketImpl.h(SSLSocketImpl.java:554) 
    at com.ibm.jsse2.SSLSocketImpl.a(SSLSocketImpl.java:234) 
    at com.ibm.jsse2.k.write(k.java:24) 
    at java.io.BufferedOutputStream.flushBuffer(BufferedOutputStream.java:76) 
    at java.io.BufferedOutputStream.flush(BufferedOutputStream.java:134) 
    at org.apache.commons.httpclient.HttpConnection.flushRequestOutputStream(HttpConnection.java:828) 
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.flushRequestOutputStream(MultiThreadedHttpConnectionManager.java:1565) 
    at org.apache.commons.httpclient.HttpMethodBase.writeRequest(HttpMethodBase.java:2116) 
    at org.apache.commons.httpclient.HttpMethodBase.execute(HttpMethodBase.java:1096) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(HttpMethodDirector.java:398) 
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(HttpMethodDirector.java:171) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397) 
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:323) 
    at org.apache.abdera.protocol.client.AbderaClient.execute(AbderaClient.java:688) 
    ... 32 more
Solution

  • "Handshake failure" often means there is no overlap between the server's TLS level (e.g. TLS1.2) and cipher suites, and what your WebSphere can handle.

    I'd run a test like https://www.ssllabs.com/ssltest/ against the server, then look at your QoP settings in WebSphere Security > SSL certificate and key management > SSL configurations