Reputation: 4323
SSL request fails from Soap UI, works with fiddler proxy
HTTPŞ request to SOAP web service doesn't work from SOAP UI directly, but when I put fiddler proxy, it works, it also works with WcfTestClient from Visual studio.
I tried:
1.using SOAP UI 5.0.0 and 5.2.0.
2.Putting these switches:
-Djavax.net.debug=all
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Dsun.security.ssl.allowLegacyHelloMessages=true
-Dhttps.protocols=TLSv1 (because server doesn't support SSL, only TLS)
3.Adding CA certficate and server SSL cert to (because SSL cert is signed with "homemade CA certficate")
- \jdk1.7.0_51\jre\lib\security\cacerts
- importing them trough java control panel.
Here is the exception I get:
Mon Jul 06 13:42:57 CEST 2015:ERROR:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
at sun.security.ssl.SSLSocketImpl.writeRecord(Unknown Source)
at sun.security.ssl.AppOutputStream.write(Unknown Source)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
at java.util.concurrent.Executors$RunnableAdapter.call(Unknown Source)
at java.util.concurrent.FutureTask.run(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
Caused by: java.io.EOFException: SSL peer shut down incorrectly
at sun.security.ssl.InputRecord.read(Unknown Source)
... 31 more
Upvotes: 0
Views: 7968
Answers (1)
Reputation: 4323
This problem was due to Server Name Indication. We had multiple SSL certs for different FQDN-s running on same IP:port, so server is forced to use SNI, which is apparently supported from java 7.
One more thing I didn't know is that SOAP UI has jre packed with it in installation folder, and it's version reports 1.7u55 for SOAP UI 5.2.0, but user-agent in http requests in fiddler reports Java 1.5.
As soon as we removed other SSL certs it worked from SOAP UI, that was just to prove point - that this was due to SNI. In production we have to go with SNI and make sure our clients support it.
Here is thread about SOAP UI SNI but suggestions in thread don't work, so I assume that there is no support for SNI in SOAP UI (Obviusly since the http client reports user agent: Java 1.5)
Upvotes: 4
Related Questions
- SoapUI handshake_failure on https endpoint service
- SOAP UI - ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- SOAP UI not working for https request (java.security.cert.CertificateException: Certificates does not conform to algorithm constraints)
- Soap ui SSl error ERROR:javax.net.ssl.SSLException: Received fatal alert: protocol_version
- SoapUI fails to connect HTTPS (SSLPeerUnverifiedException)
- SoapUI SSLException
- Connection to http://xxxxx.com refused
- ssl handShake failure soap
- javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated in SOAPUI tool
- javax.net.ssl.SSLException while calling a webservice in Soap UI through HTTPS