How to test a specified cipher against a BW SSL project and the error when no cipher match is found.

How to test a specified cipher against a BW SSL project and the error when no cipher match is found.

book

Article ID: KB0093579

calendar_today

Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks -
Not Applicable -

Description

Description:
Be aware who is writing "SEND TLSv1 ALERT:  fatal, description = handshake_failure". The client or the server. The BW server process writes the following just after ClientHello if no matching cipher is found:

http-bio-9696-exec-5, SEND TLSv1 ALERT:  fatal, description = handshake_failure
http-bio-9696-exec-5, WRITE: TLSv1 Alert, length = 2
http-bio-9696-exec-5, handling exception: javax.net.ssl.SSLHandshakeException: no cipher suites in common

The client side log will throw "handshake_failure". 

Issue/Introduction

How to test a specified cipher against a BW SSL project and the error when no cipher match is found.

Resolution

1). Setup a BW SSL project. Enable SSL debug tracing and search for "Cipher Suites" :


java.property.TIBCO_SECURITY_VENDOR=j2se
java.property.javax.net.debug=ssl,handshake,record

You should see the client list supporting "Cipher Suites" in ClientHello. In ServerHello, you should see the "Cipher Suites" server has chosen to communicate with the client.

2). Test with SOAPUI as client. Set the following in soapui.bat:


set JAVA_OPTS=-Xms128m -Xmx1024m -Djavax.net.debug=ssl,handshake,record -Dsoapui.https.ciphers=SSL_RSA_WITH_RC4_128_SHA -Dsoapui.properties=soapui.properties "-Dsoapui.home=%SOAPUI_HOME%\"

If "SSL_RSA_WITH_RC4_128_SHA" is not supported by BW, you would see the attached error message (Filename: CipherNoMatchError.txt), which shows that the client only supports {Cipher Suites: [SSL_RSA_WITH_RC4_128_SHA]}.

The BW server process reports { javax.net.ssl.SSLHandshakeException: no cipher suites in common} and "SEND TLSv1 ALERT:  fatal, description = handshake_failure".

Attachments

How to test a specified cipher against a BW SSL project and the error when no cipher match is found. get_app