Uploaded image for project: 'OpenIDM'
  1. OpenIDM
  2. OPENIDM-13965

External REST with TLS version 1.1 fails to check self signed certificate

    Details

      Description

      Since 2.10.2019 IDM build openidm-7.0.0-2019-10-02-18-29-33322cb.zip our Test is failing: external_rest.with_custom_tls_version.get.get_request_via_https_to_check_self_signed_certificate_presence.
      Status basically adding `openidm.external.rest.tls.version=TLSv1.1` to the boot.properties file and then executing query:

      curl -X POST \
        'http://idm.example.com:8080/openidm/external/rest?_action=call' \
        -H 'Content-Type: application/json' 
        -H 'X-OpenIDM-Password: openidm-admin' \
        -H 'X-OpenIDM-Username: openidm-admin' \
        -d '{"url": "https://localhost:8443/openidm/info/login","method":"GET","headers":{"X-OpenIDM-Username":"openidm-admin","X-OpenIDM-Password":"openidm-admin"}}'
      

      which failed with 500 status error code (internal server error) with empty response.
      In the IDM console there is:

      [101] Oct 21, 2019 12:31:54.444 PM org.forgerock.http.servlet.HttpFrameworkServlet lambda$service$1
      SEVERE: RuntimeException caught - rootId:f7e37950-7c8e-4608-a405-fb5dc29db4e6-323
      java.lang.RuntimeException: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
      	at org.forgerock.http.apache.async.AsyncResponseHttpClient$EntityCompletionPromiseResponseConsumer.failed(AsyncResponseHttpClient.java:165)
      	at org.apache.http.impl.nio.client.DefaultClientExchangeHandlerImpl.executionFailed(DefaultClientExchangeHandlerImpl.java:99)
      	at org.apache.http.impl.nio.client.AbstractClientExchangeHandler.failed(AbstractClientExchangeHandler.java:426)
      	at org.apache.http.nio.protocol.HttpAsyncRequestExecutor.exception(HttpAsyncRequestExecutor.java:163)
      	at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:76)
      	at org.apache.http.impl.nio.client.InternalIODispatch.onException(InternalIODispatch.java:39)
      	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:125)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.readable(BaseIOReactor.java:162)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvent(AbstractIOReactor.java:337)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.processEvents(AbstractIOReactor.java:315)
      	at org.apache.http.impl.nio.reactor.AbstractIOReactor.execute(AbstractIOReactor.java:276)
      	at org.apache.http.impl.nio.reactor.BaseIOReactor.execute(BaseIOReactor.java:104)
      	at org.apache.http.impl.nio.reactor.AbstractMultiworkerIOReactor$Worker.run(AbstractMultiworkerIOReactor.java:591)
      	at java.lang.Thread.run(Thread.java:748)
      Caused by: javax.net.ssl.SSLException: Received fatal alert: handshake_failure
      	at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1647)
      	at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1615)
      	at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1781)
      	at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1070)
      	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:896)
      	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:766)
      	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doUnwrap(SSLIOSession.java:275)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.doHandshake(SSLIOSession.java:321)
      	at org.apache.http.nio.reactor.ssl.SSLIOSession.isAppInputReady(SSLIOSession.java:523)
      	at org.apache.http.impl.nio.reactor.AbstractIODispatch.inputReady(AbstractIODispatch.java:120)
      	... 7 more
      
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                brmiller Brendan Miller
                Reporter:
                alexander.dracka Alexander Dracka
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: