SahiPro Troubleshooting Series: SSL Issues

  • 1
  • February 02, 2017

We take pride in helping our customers solve their automation issues. We are planning to come up with a list of commonly faced issues and how we solved it. This might help multiple customers when they face similar issues. Over a period of time, this would turn into a good repository of problems and solutions.

Today, we share the common problems faced by our customers with SSL

Issue 1: Certificates does not conform to algorithm constraints
Certificates does not conform to algorithm constraints

Sahi Pro Console Error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Ce
rtificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
)

Solution:
Please perform all the steps highlighted below:
  • Open C:\Program Files\Java\jre1.8.0_111\lib\security\java.security file.
    The above path is for jre version 1.8.0_111. In your case, it might be different.
  • Search for the lines
    jdk.certpath.disabledAlgorithms=
    jdk.tls.disabledAlgorithms=
    jdk.jar.disabledAlgorithms=
    and comment them by prefixing # such that they look like this:
    #jdk.certpath.disabledAlgorithms=
    #jdk.tls.disabledAlgorithms=
    #jdk.jar.disabledAlgorithms= 
  • Open <SahiPro>/bin/dashboard.bat file and modify below lines fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
    to
    java -Djsse.enableSNIExtension=true -Dhttps.protocols=SSLv2Hello,TLSv1,TLSv1.1 -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.

Issue 2: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”
SSL_VERSION

Solution:

  • Please modify the following property in <SahiPro>/bin/dashboard.bat by toggling the value from true to false or false to true.
    -Djsse.enableSNIExtension=true
    or
    -Djsse.enableSNIExtension=false
  • Save the changes and restart Sahi Pro.

Issue 3: ERR_SSL_PROTOCOL_ERROR
Protocol
Solution:

  • Take a back up of <SahiPro>/bin/dashboard.bat and modify the following fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
    to
    java -Djsse.enableSNIExtension=true -Dhttps.protocols=”SSLv3,SSLv2Hello,TLSv1″ -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.

    Hope this post gave you information about troubleshooting SSL issues. Feel free to let us know if you face any other issues by sending an email to support [AT] sahipro [DOT] comWe will cover those in the upcoming posts.

Leave a Reply

Your email address will not be published.

Use fully-loaded Sahi Pro FREE for a month. Download Now Request a Demo