SSL exception cURL error 35 - ssl

I was doing a rutinary check of my web at GTMETRIX when I get this error message:
Analysis Error An error occurred fetching the page: HTTPS error: SSL
connect attempt failed error:14077410:SSL
routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure
There may be a connectivity issue between your server and the GTmetrix
test server. Try testing from another test location or try again
later.
I was looking for answers but can't find any solution. This is the actual status of my SLL configuration:
** Configuring SSL ** testing htaccess rules...
htaccess rules test failed with error: cURL error 35:
error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert
handshake failure checking if .htaccess can or should be edited...
Any help would be appreciated.

Related

FTP Connection control connection closed with Handshake failure

I am facing issue while sending file from Sterling File Gateway to external FTP Server using FTPS Protocol setup. Recently the certificate on server side has been expired and we have added the renewed cert on our B2bi and SSP with Root,Intermediate, public cert.
From there we started to Handshake failures on Perimeter logs.
Error:
ERROR [TLSCheck.validCerta] validateErr not 0, failing check: 4
ERROR [TLSCheck. validCerts) error (s) is/are: ERR_CERT OTHER ERROR,
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: java.security.cert.CertificateException: [TLSCheck.certificateCallback] toolkit level returns false
Please let me know what could be the issue.
Thanks in Advance

JMeter JMS: Getting Error: Failed to connect via SSL to [ssl://<server-name>:7352]: Received fatal alert: protocol_version

I'm trying to publish message to a Tibco Queue on a SSL Tibco Server through JMeter 5.4.1 using JMS Point-to-Point Logic Controller.
JMS Point To Point Controller Config
But I'm getting the following error message:
2021-06-13 12:25:46,278 ERROR o.a.j.p.j.s.JMSSampler: Not permitted:
Failed to connect to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name]:7352 ]
javax.naming.AuthenticationException: Not permitted: Failed to connect
to any server at: ssl://[server-name]:7352,
ssl://[server-name]:7352 [Error: Failed to connect via SSL to
[ssl://[server-name]:7352]: Received fatal alert:
protocol_version: url that returned this exception =
SSL://[server-name] ] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:670)
~[tibjms.jar:8.0.0] at
com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:491)
~[tibjms.jar:8.0.0] at
javax.naming.InitialContext.lookup(InitialContext.java:417)
~[?:1.8.0_291] at
org.apache.jmeter.protocol.jms.sampler.JMSSampler.threadStarted(JMSSampler.java:638)
[ApacheJMeter_jms.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread$ThreadListenerTraverser.addNode(JMeterThread.java:784)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverseInto(HashTree.java:993)
[jorphan.jar:5.4.1] at
org.apache.jorphan.collections.HashTree.traverse(HashTree.java:976)
[jorphan.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.threadStarted(JMeterThread.java:752)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.initRun(JMeterThread.java:740)
[ApacheJMeter_core.jar:5.4.1] at
org.apache.jmeter.threads.JMeterThread.run(JMeterThread.java:252)
[ApacheJMeter_core.jar:5.4.1]
I tried:
openssl s_client -connect [server-name]:7352
It gave the following output:
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID:
Session-ID-ctx:
So added the following line in jmeter.properties file.
https.default.protocol=TLSv1.2
Also commented jdk.tls.disabledAlgorithms from java.security file for JDK (I'm using jdk1.8.0_291)
# jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
# DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
# include jdk.disabled.namedCurves
But still I'm getting the same error. Someone please help.
I think you're using the wrong property (not only the wrong property but the wrong place as well), you're setting default protocol for HTTPS, while you need to set it for TLS, i.e. add the next line to system.properties file
jdk.tls.client.protocols=TLSv1.2
JMeter restart will be required to apply this property.
If it won't help or you will get different errors - consider adding the next line there as well:
javax.net.debug=all
and then check jmeter.log file and stdout for any suspicious entries
More information:
Configuring JMeter
Apache JMeter Properties Customization Guide
I resolved it by using the latest tibjms.jar in the lib directory in JMeter as the Tibco server was upgraded some hours before I raised this issue.

Kafka inter broker SSL handshake failed

I am trying to setup inter-broker SSL (not client) authentication and keep seeing the following errors:
[2019-05-17 06:33:47,151] INFO [Controller id=1004, targetBrokerId=1004] Failed authentication with /$IP (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-17 06:33:47,151] INFO [SocketServer brokerId=1004] Failed authentication with /$IP (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-17 06:33:47,151] ERROR [Controller id=1004, targetBrokerId=1004] Connection to node 1004 (/$IP:9093) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
My server.properties is:
listeners=PLAINTEXT://$IP:9092,SSL://$IP:9093
security.inter.broker.protocol=SSL
ssl.truststore.password=$PASS
ssl.keystore.password=$PASS
ssl.key.password=$PASS
ssl.endpoint.identification.algorithm=""
ssl.keystore.location=/etc/kafka/kafka.server.keystore.jks
ssl.truststore.location=/etc/kafka/kafka.server.truststore.jks
``
When I run `openssl s_client -debug -connect $IP:9093 -tls1` I get back a list of certificates and `Secure Renegotiation IS supported`
Despite adding `-Djavax.net.debug=all` there's not anything in the logs which points to the problem.
Kafka version 2.2
Any ideas?
I had incorrectly set the value of ssl.endpoint.identification.algorithm="" instead of ssl.endpoint.identification.algorithm", this fixed it.
This value was changed in 2.2 to default to https so setting it to nothing worked.

ReviewBoard SSLV3_ALERT_HANDSHAKE_FAILURE

When I try "rbt post" I get this error "ERROR: Could not reach the Review Board server at http://reviewboard.company.com/: [SSL: SSLV3_ALERT_HANDSHAKE_FAILURE] sslv3 alert handshake failure (_ssl.c:590)"
If it is an internal company FQDN, try to find out whether you requesting over a companies proxy. If so, please delete your proxy envs and try again

Getting error "SSL_CTX_use_certificate_file failed" in solaris

I am running a simulator which establishes SSL connections and sends HTTP requests.
But currently when I run the simulator I get below error:
ERROR: SSL_CTX_use_certificate_file failed ERROR: [SSL#906d06c]
error:0906D06C:PEM routines:PEM_read_bio:no start line ERROR:
[SSL#140ad009] error:140AD009:SSL
routines:SSL_CTX_use_certificate_file:PEM lib ERROR: Global SSL
initialization failed
Could anyone help me solve this issue?