1

I'm building little SOAP API on AWS Lambda(node.js) behind API Gateway. I have added custom domain with trusted certificate (COMODO RSA Certification Authority) but when I try any request from SoapUI (v5.2.1 on OSX) it fails with handshake_failure.

API URL: https://arrivacz-custom.bileto.com/terminal

I have tried to create keystore with public part of certificate and add it to Project Settings -> WS-Security Configurations -> Keystores and Truststores but it didn't help.

I have also tried to add to add few lines to SoapUI/Contents/vmoptions.txt

-Dcom.sun.net.ssl.checkRevocation=false
-Dsun.security.ssl.allowUnsafeRenegotiation=true
-Dcom.sun.net.ssl.enableECC=false
-Djavax.net.debug=all
-Dsoapui.https.protocols=TLSv1.2

Because I need this just for testing I can go with ignoring all SSL errors but I can't find how to do that.

Can you please suggest me way how to make this working.

SoapUI error log:

Fri Feb 19 11:49:48 CET 2016:ERROR:javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
   javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
    at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
    at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
    at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
    at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
    at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
    at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
    at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
    at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
    at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
    at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
    at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

SoapUI log with network debug:

Fri Feb 19 11:49:01 CET 2016:INFO:initialized soapui-settings from [/Users/jakubriedl/soapui-settings.xml]
Fri Feb 19 11:49:01 CET 2016:INFO:Initializing KeyStore
Fri Feb 19 11:49:02 CET 2016:ERROR:An error occurred [No private keys found in keystore!], see error log for details
Fri Feb 19 11:49:04 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/soapui-swagger-plugin-2.2-dist.jar]
Fri Feb 19 11:49:04 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/ready-uxm-plugin-1.0.1-dist.jar]
Fri Feb 19 11:49:05 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:05 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:05 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/ready-mqtt-plugin-dist.jar]
Fri Feb 19 11:49:05 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:05 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Added AutoFactory for [PluginPrefs]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginTestStep]
Added AutoFactory for [PluginTestStep]
Added AutoFactory for [PluginTestStep]
Fri Feb 19 11:49:06 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:06 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:06 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/readyapi-swaggerhub-plugin-1.0.jar]
Fri Feb 19 11:49:06 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:06 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:06 CET 2016:INFO:4 plugins loaded in 2112 ms
Fri Feb 19 11:49:06 CET 2016:INFO:All plugins loaded
Fri Feb 19 11:49:06 CET 2016:INFO:initialized soapui-settings from [/Users/jakubriedl/soapui-settings.xml]
Fri Feb 19 11:49:07 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/soapui-swagger-plugin-2.2-dist.jar]
Fri Feb 19 11:49:07 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/ready-uxm-plugin-1.0.1-dist.jar]
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:08 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/ready-mqtt-plugin-dist.jar]
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Added AutoFactory for [PluginPrefs]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginPanelBuilder]
Added AutoFactory for [PluginTestStep]
Added AutoFactory for [PluginTestStep]
Added AutoFactory for [PluginTestStep]
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:08 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:08 CET 2016:INFO:Adding plugin from [/Users/jakubriedl/.soapuios/plugins/readyapi-swaggerhub-plugin-1.0.jar]
Fri Feb 19 11:49:09 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoDiscoveryMethodFactory], see error log for details
Fri Feb 19 11:49:09 CET 2016:ERROR:An error occurred [com.eviware.soapui.plugins.auto.factories.AutoImportMethodFactory], see error log for details
Fri Feb 19 11:49:09 CET 2016:INFO:4 plugins loaded in 1529 ms
Fri Feb 19 11:49:09 CET 2016:INFO:All plugins loaded
Fri Feb 19 11:49:09 CET 2016:INFO:Loading workspace from [/Users/jakubriedl/default-soapui-workspace.xml]
Fri Feb 19 11:49:09 CET 2016:INFO:Loaded project from [file:/Users/jakubriedl/Desktop/xsd/A4Res-soapui-project.xml]
Fri Feb 19 11:49:09 CET 2016:INFO:Defaulting to native L&F for Mac OS X
Fri Feb 19 11:49:10 CET 2016:INFO:Used java version: 1.7.0_55
Scheduling garbage collection every 60 seconds
The cajo server is running on localhost:1198/soapuiIntegration
Fri Feb 19 11:49:48 CET 2016:DEBUG:Attempt 1 to execute request
Fri Feb 19 11:49:48 CET 2016:DEBUG:Sending request: POST /terminal HTTP/1.1
Fri Feb 19 11:49:48 CET 2016:DEBUG:I/O error closing connection
   javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.SSLSocketImpl.checkEOF(SSLSocketImpl.java:1476)
    at sun.security.ssl.SSLSocketImpl.checkWrite(SSLSocketImpl.java:1488)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:70)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
    at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
    at org.apache.http.impl.AbstractHttpClientConnection.doFlush(AbstractHttpClientConnection.java:270)
    at org.apache.http.impl.SocketHttpClientConnection.close(SocketHttpClientConnection.java:245)
    at org.apache.http.impl.conn.DefaultClientConnection.close(DefaultClientConnection.java:164)
    at org.apache.http.impl.conn.AbstractPooledConnAdapter.close(AbstractPooledConnAdapter.java:152)
    at org.apache.http.protocol.HttpRequestExecutor.closeConnection(HttpRequestExecutor.java:142)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:129)
    at org.apache.http.impl.client.DefaultRequestDirector.tryExecute(DefaultRequestDirector.java:633)
    at org.apache.http.impl.client.DefaultRequestDirector.execute(DefaultRequestDirector.java:454)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:820)
    at org.apache.http.impl.client.AbstractHttpClient.execute(AbstractHttpClient.java:754)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$Helper.execute(HttpClientSupport.java:233)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport.execute(HttpClientSupport.java:323)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.submitRequest(HttpClientRequestTransport.java:290)
    at com.eviware.soapui.impl.wsdl.submit.transports.http.HttpClientRequestTransport.sendRequest(HttpClientRequestTransport.java:220)
    at com.eviware.soapui.impl.wsdl.WsdlSubmit.run(WsdlSubmit.java:119)
    at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)
   Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1959)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1077)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1312)
    at sun.security.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:702)
    at sun.security.ssl.AppOutputStream.write(AppOutputStream.java:122)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flushBuffer(AbstractSessionOutputBuffer.java:131)
    at org.apache.http.impl.io.AbstractSessionOutputBuffer.flush(AbstractSessionOutputBuffer.java:138)
    at org.apache.http.impl.conn.LoggingSessionOutputBuffer.flush(LoggingSessionOutputBuffer.java:95)
    at org.apache.http.impl.io.ContentLengthOutputStream.flush(ContentLengthOutputStream.java:102)
    at org.apache.http.entity.ByteArrayEntity.writeTo(ByteArrayEntity.java:69)
    at org.apache.http.entity.HttpEntityWrapper.writeTo(HttpEntityWrapper.java:96)
    at org.apache.http.impl.client.EntityEnclosingRequestWrapper$EntityWrapper.writeTo(EntityEnclosingRequestWrapper.java:108)
    at org.apache.http.impl.entity.EntitySerializer.serialize(EntitySerializer.java:120)
    at org.apache.http.impl.AbstractHttpClientConnection.sendRequestEntity(AbstractHttpClientConnection.java:263)
    at org.apache.http.impl.conn.AbstractClientConnAdapter.sendRequestEntity(AbstractClientConnAdapter.java:227)
    at org.apache.http.protocol.HttpRequestExecutor.doSendRequest(HttpRequestExecutor.java:255)
    at com.eviware.soapui.impl.wsdl.support.http.HttpClientSupport$SoapUIHttpRequestExecutor.doSendRequest(HttpClientSupport.java:119)
    at org.apache.http.protocol.HttpRequestExecutor.execute(HttpRequestExecutor.java:123)
    ... 14 more
Fri Feb 19 11:49:48 CET 2016:DEBUG:Closing the connection.
Fri Feb 19 11:49:48 CET 2016:DEBUG:Connection closed
Fri Feb 19 11:49:48 CET 2016:DEBUG:Connection shut down
Fri Feb 19 11:49:48 CET 2016:ERROR:Exception in request: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Fri Feb 19 11:49:48 CET 2016:ERROR:An error occurred [Received fatal alert: handshake_failure], see error log for details
Fri Feb 19 11:49:49 CET 2016:INFO:Error getting response for [BasicHttpBinding_IPlanky.Login:Request 1]; javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
Jakub Riedl
  • 1,066
  • 2
  • 10
  • 27

3 Answers3

0

The most common cause of a client getting an SSLHandshakeException while calling API Gateway is that the client does not support Server Name Indication (SNI). API Gateway requires SNI and some older http/https client libraries don't support it. The latest version of most Java based https clients do support SNI. Try updating your https client library to the latest version.

MikeD at AWS
  • 3,565
  • 16
  • 15
  • Thanks for tip but I have most up-to-date SoapUI (5.2.1) and Java (1.8.0_74) – Jakub Riedl Feb 19 '16 at 20:31
  • @JakubRiedl The library that MikeD is talking about is actually in $SOAPUI_HOME/lib/httpclient-*.jar ... and it is quite outdated. You could try replacing it with the jar from here http://search.maven.org/#artifactdetails|org.apache.httpcomponents|httpclient|4.5.1|jar but you would have to replace all the dependencies as well. – SiKing Feb 19 '16 at 22:52
  • @SiKing it looks like possible way because there is a httpclient-4.1.1.jar. But I'm not familiar with JAVA & maven. Can you please tell me what steps to do to update the library? When I tried to just replace all files listed in dependencies I'm getting lot of errors in log like nullPointerException and so on. – Jakub Riedl Feb 20 '16 at 10:15
  • @JakubRiedl This is **not** an easy procedure, and is **not** guaranteed to give you success. You have to look through the .pom and search for all dependencies that are scope=compile, and replace all of those. – SiKing Feb 21 '16 at 21:37
  • FYI, SNI support was added in the Apache HTTP client in version 4.3.2: https://issues.apache.org/jira/browse/HTTPCLIENT-1119 – Lorenzo d Feb 23 '16 at 23:22
0

Have settings from this thread: smartbear forum topic for TLS V1.2

And used this specific suggestion added into vmoptions file (soapui bin directory):

-Dsoapui.https.protocols=SSLv3,TLSv1.2

And have accessed AWS with apikey fine, in soapui v5.3.0

gigamac
  • 1
0

Upgrading to SoupUI 5.3.0 resolved the issue for me.

robnick
  • 1,720
  • 17
  • 27