Skip to Content
0

SSL Exception: Peer Sent Alert : Alert Fatal: handshake failure

May 07 at 07:59 AM

156

avatar image

Hi Experts,

I have been facing a weird issue in one of the Interfaces. We are trying to connect to some third party , but got attached Error in PI Monitoring. But , when we checked it through XPI Inspector , the handshake seems to be completed(attached screenshot). I am not sure how it is happening.

Also , in the past this interface is working fine , but recently we configured a Patch Configuration as per Note 2284059 - Update of SSL library within NW Java server. Since then , this Interface is not working , failing with the same handshake Error.


We also made changes in Config File (changed the client.minProtocolVersion to TLS1.1 and the client.maxProtocolVersion to TLS1.2) and retested the scenario , but still no luck.


Please advise here , immediate help will be highly appreciated.


Thanks and Regards,

Vivek Jain

error1.jpg

xpi-inspector-screenshot.jpg


10 |10000 characters needed characters left characters exceeded
* Please Login or Register to Answer, Follow or Comment.

3 Answers

Best Answer
Tom Xing
May 10 at 03:07 AM
1

Hi Vivek,

When XPI Inspector Channel SSL Handshake works, but in runtime SSL handshake fails, most likely you are using one of below adapters:

AS2, Axis, REST, or some others I have not yet put in my note book.

In this case you should check below note, according to the adapter you are using:

2292139 - TLSv1.2 support in Axis adapter

2295870 - TLSv1.2 support in REST adapter

2533644 - AS2 Adapter does not support SSL protocol version higher than TLS 1.0

Since you are using SOAP Axis adapter, check note ##2292139.

Best regards,

Tom

Show 2 Share
10 |10000 characters needed characters left characters exceeded

Thanks Tom. I will check this and will update you accordingly.

Regards,

Vivek Jain

0

Hi Tom,

I maintained parameter maxSSLVersion in my Channel , and it worked.

Regards,

Vivek Jain

0
Mate Moricz
May 08 at 11:00 AM
1

Hi Vivek,

there can be multiple causes for this particular error. Try to reproduce the error and collect Example 50 - XI Channel trace and locate the error there (the test in the Example 11 uses the IAIK library and the endpoint that you set, but not all adapter use the IAIK library).

What adapter is used in your scenario?


Best regards,
Mate

Show 1 Share
10 |10000 characters needed characters left characters exceeded

Hi Mate,

Thanks for your response.

We reproduced the issue and collected Example 50 too , can you please help where to check for the error here , I am not able to locate any error.

We have used SOAP Adapter here(screenshot attached).

Regards,

Vivek Jain

0
Mark Smyth
May 17 at 04:08 PM
0

Hello Vivek,

Check the blog entries below for details on using the XPI tool to troubleshoot this type of error.

Using XPI Inspector to troubleshoot HTTP SSL connections (Part 1 – Server Authentication)

Using XPI Inspector to troubleshoot HTTP SSL connections (Part 2 – Client Authentication)

Regards
Mark

Share
10 |10000 characters needed characters left characters exceeded