Welcome to the new Parasoft forums! We hope you will enjoy the site and try out some of the new features, like sharing an idea you may have for one of our products or following a category.

Soatest 2021.1 issue: SSL Error: Received fatal alert: protocol_version

Ankob1985
Ankob1985 Posts: 16

We try to fire messages at an environment that uses different Cipher Suites. this results in errors: "_ SSL Error: Received fatal alert: protocol_version_ "

When I run the software with some additional logging found on de parasoft Docs, I see the following:
_"ClientHello": {
"client version" : "TLSv1.2",
"session id" : "",
"cipher suites" : "[TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384(0xC02C), TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256(0xC02B), TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384(0xC030), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384(0xC02E), TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384(0xC032), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256(0xC02F), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256(0xC02D), TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256(0xC031), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384(0xC024), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384(0xC028), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384(0xC026), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384(0xC02A), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA(0xC00A), TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA(0xC014), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA(0xC005), TLS_ECDH_RSA_WITH_AES_256_CBC_SHA(0xC00F), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256(0xC023), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256(0xC027), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256(0xC025), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256(0xC029), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA(0xC009), TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA(0xC013), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA(0xC004), TLS_ECDH_RSA_WITH_AES_128_CBC_SHA(0xC00E), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
"compression methods" : "00",
"extensions" _

And finally:
javax.net.ssl|SEVERE|B1|psft_pool-10-ThreadPool-Main-1|2024-03-12 15:20:47.771 CET|TransportContext.java:340|Fatal (PROTOCOL_VERSION): Received fatal alert: protocol_version (
"throwable" : {
javax.net.ssl.SSLHandshakeException: Received fatal alert: protocol_version
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:335)
at sun.security.ssl.Alert$AlertConsumer.consume(Alert.java:293)
at sun.security.ssl.TransportContext.dispatch(TransportContext.java:185)
at sun.security.ssl.SSLTransport.decode(SSLTransport.java:156)
at sun.security.ssl.SSLSocketImpl.decode(SSLSocketImpl.java:1202)
at sun.security.ssl.SSLSocketImpl.readHandshakeRecord(SSLSocketImpl.java:1111)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:398)
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:370)
at webtool.net.LoggingSSLSocket.startHandshake(LoggingSSLSocket.java:124)
at webtool.messaging.HTTPTransportSocketUtil.getHTTPSSocket(HTTPTransportSocketUtil.java:169)
at webtool.messaging.HTTPTransport.sendRequest(HTTPTransport.java:433)
at webtool.messaging.HTTPTransport.invokeInternal(HTTPTransport.java:291)
at webtool.messaging.HTTPTransport.invokeInternal(HTTPTransport.java:273)
at webtool.messaging.HTTPTransport.invoke(HTTPTransport.java:326)
at webtool.messaging.MessagingClientConfig.invokeOverHTTP(MessagingClientConfig.java:161)
at webtool.messaging.MessagingClientConfig.invoke(MessagingClientConfig.java:108)
at webtool.messaging.MessageRunner.call(MessageRunner.java:49)
at webtool.messaging.MessageRunner.call(MessageRunner.java:1)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)}

Any one got an idea what I need to change to fix the protocol issue?

Comments

  • Matt Love
    Matt Love Posts: 97 admin

    SOAtest 2021.1 includes Java 1.8, which by default only allows connections to TLS v1.2 sites. You don't say what TLS version your environment uses, but this protocol error implies it is an older TLS version. You can use openssl client from the command line to check the TLS version in your environment as described in this stackoverflow answer: https://stackoverflow.com/a/47717547

    Assuming you need to enable support for older TLS versions, you should prefix Java command line arguments with -J when launching SOAtest like this:
    soatest.exe -J-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

  • Ankob1985
    Ankob1985 Posts: 16

    Hi Matt, thanks for your answer. Tried it but still the same issue. I guess it has something to do with the Cipher suites that are supported. That is different with other environments.

  • Matt Love
    Matt Love Posts: 97 admin

    What TLS version and Cipher suite is your environment using? On a command line run
    openssl s_client -connect yourhost.domain.com:443

  • Ankob1985
    Ankob1985 Posts: 16

    it comes back with TLS 1.3 is parasoft Soatest this already supporting?

  • Matt Love
    Matt Love Posts: 97 admin

    TLSv1.3 was enabled in Java 8u341 in July 2022. https://www.oracle.com/java/technologies/javase/8u341-relnotes.html
    I see that you have SOAtest 2021.1 which predates that.
    Two possible solutions are:
    1) Download the latest Java 8 (u341 or newer) and launch SOAtest with -Zjava_home C:/Program Files/Java/jdk1.8.0_341/
    https://docs.parasoft.com/display/SOA20211/Configuring+Java+Runtime
    2) Upgrade to SOAtest 2022.1 which includes Java 11.
    https://docs.parasoft.com/display/SOA20232/SOAtest,+Virtualize,+and+CTP+2022.1