Soatest 2021.1 issue: SSL Error: Received fatal alert: protocol_version
We try to fire messages at an environment that uses different Cipher Suites. this results in errors: "_ SSL Error: Received fatal alert: protocol_version_ "
When I run the software with some additional logging found on de parasoft Docs, I see the following:
_"ClientHello": {
"client version" : "TLSv1.2",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" _
And finally:
javax.net.ssl|SEVERE|B1|psft_pool-10-ThreadPool-Main-1|2024-03-12 15:20:47.771 CET|TransportContext.java:340|Fatal (PROTOCOL_VERSION): Received fatal alert: protocol_version (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:335)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:156)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1202)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1111)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:398)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:370)
at webtool.net.LoggingSSLSocket.startHandshake(LoggingSSLSocket.java:124)
at webtool.messaging.HTTPTransportSocketUtil.getHTTPSSocket(HTTPTransportSocketUtil.java:169)
at webtool.messaging.HTTPTransport.sendRequest(HTTPTransport.java:433)
at webtool.messaging.HTTPTransport.invokeInternal(HTTPTransport.java:291)
at webtool.messaging.HTTPTransport.invokeInternal(HTTPTransport.java:273)
at webtool.messaging.HTTPTransport.invoke(HTTPTransport.java:326)
at webtool.messaging.MessagingClientConfig.invokeOverHTTP(MessagingClientConfig.java:161)
at webtool.messaging.MessagingClientConfig.invoke(MessagingClientConfig.java:108)
at webtool.messaging.MessageRunner.call(MessageRunner.java:49)
at webtool.messaging.MessageRunner.call(MessageRunner.java:1)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)}
Any one got an idea what I need to change to fix the protocol issue?
Comments
-
SOAtest 2021.1 includes Java 1.8, which by default only allows connections to TLS v1.2 sites. You don't say what TLS version your environment uses, but this protocol error implies it is an older TLS version. You can use openssl client from the command line to check the TLS version in your environment as described in this stackoverflow answer: https://stackoverflow.com/a/47717547
Assuming you need to enable support for older TLS versions, you should prefix Java command line arguments with -J when launching SOAtest like this:
soatest.exe -J-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.20 -
Hi Matt, thanks for your answer. Tried it but still the same issue. I guess it has something to do with the Cipher suites that are supported. That is different with other environments.
0 -
What TLS version and Cipher suite is your environment using? On a command line run
openssl s_client -connect yourhost.domain.com:4430 -
it comes back with TLS 1.3 is parasoft Soatest this already supporting?
0 -
TLSv1.3 was enabled in Java 8u341 in July 2022. https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
I see that you have SOAtest 2021.1 which predates that.
Two possible solutions are:
1) Download the latest Java 8 (u341 or newer) and launch SOAtest with-Zjava_home C:/Program Files/Java/jdk1.8.0_341/
https://docs.parasoft.com/display/SOA20211/Configuring+Java+Runtime
2) Upgrade to SOAtest 2022.1 which includes Java 11.
https://docs.parasoft.com/display/SOA20232/SOAtest,+Virtualize,+and+CTP+2022.10
