SahiPro Troubleshooting Series: SSL Issues

  • 1
  • February 02, 2017

We take pride in helping our customers solve their automation issues. We are planning to come up with a list of commonly faced issues and how we solved it. This might help multiple customers when they face similar issues. Over a period of time, this would turn into a good repository of problems and solutions.

Today, we share the common problems faced by our customers with SSL

Issue 1: Certificates does not conform to algorithm constraints
Certificates does not conform to algorithm constraints

Sahi Pro Console Error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Ce
rtificates does not conform to algorithm constraints
at sun.security.ssl.Alerts.getSSLException(Unknown Source)
at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.Handshaker.fatalSE(Unknown Source)
at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)
at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)
at sun.security.ssl.Handshaker.processLoop(Unknown Source)
at sun.security.ssl.Handshaker.process_record(Unknown Source)
at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source
)

Solution:
Please perform all the steps highlighted below:
  • Open C:\Program Files\Java\jre1.8.0_111\lib\security\java.security file.
    The above path is for jre version 1.8.0_111. In your case, it might be different.
  • Search for the lines
    jdk.certpath.disabledAlgorithms=
    jdk.tls.disabledAlgorithms=
    jdk.jar.disabledAlgorithms=
    and comment them by prefixing # such that they look like this:
    #jdk.certpath.disabledAlgorithms=
    #jdk.tls.disabledAlgorithms=
    #jdk.jar.disabledAlgorithms= 
  • Open <SahiPro>/bin/dashboard.bat file and modify below lines fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
    to
    java -Djsse.enableSNIExtension=true -Dhttps.protocols=SSLv2Hello,TLSv1,TLSv1.1 -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.

Issue 2: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”
SSL_VERSION

Solution:

  • Please modify the following property in <SahiPro>/bin/dashboard.bat by toggling the value from true to false or false to true.
    -Djsse.enableSNIExtension=true
    or
    -Djsse.enableSNIExtension=false
  • Save the changes and restart Sahi Pro.

Issue 3: ERR_SSL_PROTOCOL_ERROR
Protocol
Solution:

  • Take a back up of <SahiPro>/bin/dashboard.bat and modify the following fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
    to
    java -Djsse.enableSNIExtension=true -Dhttps.protocols=”SSLv3,SSLv2Hello,TLSv1″ -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%\config\log.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.

    Hope this post gave you information about troubleshooting SSL issues. Feel free to let us know if you face any other issues by sending an email to support [AT] sahipro [DOT] comWe will cover those in the upcoming posts.

3 Comments

  • Gregory says:

    Hi,
    Could you please help me out? It looks like there is a major issue with SahiPro that might be related to the latest Chrome version and SSL.

    On Apr 20, I noticed that there are some problems while trying to run my tests in Chrome. There had been no problems with running the tests in Chrome before. It looks like the latest Chrome Version 58.0.3029.81 (64-bit) has been issued recently. It looks like Chrome is complaining about Sahi certificate. Again it was working before with the very same certificate. I’m not sure when it stopped working because recently I’ve been using Safari to run my tests. Now I cannot run the very same test in Chrome (I’ve tried to run the test by using SahiPro 6.1 and 6.32.)

  • Gregory says:

    Below are the errors I’m getting while trying to connect from SahiPro to google.com

    https://www.google.com/?gws_rd=ssl

    1) Your connection is not private

    Attackers might be trying to steal your information from http://www.google.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

    2) Your connection is not private

    Attackers might be trying to steal your information from http://www.google.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID
    ReloadHIDE ADVANCED
    http://www.google.com normally uses encryption to protect your information. When Google Chrome tried to connect to http://www.google.com this time, the website sent back unusual and incorrect credentials. This may happen when an attacker is trying to pretend to be http://www.google.com, or a Wi-Fi sign-in screen has interrupted the connection. Your information is still secure because Google Chrome stopped the connection before any data was exchanged.

    You cannot visit http://www.google.com right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.

    3)
    Your connection is not private

    Attackers might be trying to steal your information from http://www.google.com (for example, passwords, messages, or credit cards). NET::ERR_CERT_COMMON_NAME_INVALID

    Subject: http://www.google.com

    Issuer: Sahi

    Expires on: Dec 3, 2026

    Current date: Apr 21, 2017

    REM encoded chain:

    ———BECIN CERTIFICATE—–
    etc.

  • narayan says:

    Hi Gregory,

    We just published a post with a fix for this problem. Please have a look at
    Sahi Pro Chrome 58+ SSL certificate fix

    Thanks.

Leave a Reply

Your email address will not be published.

Use fully-loaded Sahi Pro FREE for a month. Download Now Request a Demo