We take pride in helping our customers solve their automation issues. We are planning to come up with a list of commonly faced issues and how we solved it. This might help multiple customers when they face similar issues. Over a period of time, this would turn into a good repository of problems and solutions.

Today, we share the common problems faced by our customers with SSL

Issue 1: Certificates does not conform to algorithm constraints

Certificates does not conform to algorithm constraints

Sahi Pro Console Error

javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Certificates does not conform to algorithm constraintsat sun.security.ssl.Alerts.getSSLException(Unknown Source)at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)at sun.security.ssl.Handshaker.fatalSE(Unknown Source)at sun.security.ssl.Handshaker.fatalSE(Unknown Source)at sun.security.ssl.ClientHandshaker.serverCertificate(Unknown Source)at sun.security.ssl.ClientHandshaker.processMessage(Unknown Source)at sun.security.ssl.Handshaker.processLoop(Unknown Source)at sun.security.ssl.Handshaker.process_record(Unknown Source)at sun.security.ssl.SSLSocketImpl.readRecord(Unknown Source)at sun.security.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)

Solution:Please perform all the steps highlighted below:

  • Open C:Program FilesJavajre1.8.0_111libsecurityjava.security file.The above path is for jre version 1.8.0_111. In your case, it might be different.
  • Search for the linesjdk.certpath.disabledAlgorithms= jdk.tls.disabledAlgorithms= jdk.jar.disabledAlgorithms=and comment them by prefixing # such that they look like this:#jdk.certpath.disabledAlgorithms=#jdk.tls.disabledAlgorithms=#jdk.jar.disabledAlgorithms=
  • Open <SahiPro>/bin/dashboard.bat file and modify below lines fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%configlog.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”tojava -Djsse.enableSNIExtension=true -Dhttps.protocols=SSLv2Hello,TLSv1,TLSv1.1 -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%configlog.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.

Issue 2: “ERR_SSL_VERSION_OR_CIPHER_MISMATCH”

SSL_VERSION

Solution:

  • Please modify the following property in <SahiPro>/bin/dashboard.bat by toggling the value from true to false or false to true.-Djsse.enableSNIExtension=trueor-Djsse.enableSNIExtension=false
  • Save the changes and restart Sahi Pro.

Issue 3: ERR_SSL_PROTOCOL_ERROR

Protocol

Solution:

  • Take a back up of <SahiPro>/bin/dashboard.bat and modify the following fromjava -Djsse.enableSNIExtension=true -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%configlog.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”tojava -Djsse.enableSNIExtension=true -Dhttps.protocols=”SSLv3,SSLv2Hello,TLSv1″ -Djava.util.logging.config.file=%SAHI_USERDATA_DIR_TMP%configlog.properties -classpath %SAHI_EXT_CLASS_PATH%;%SAHI_CLASS_PATH% net.sf.sahi.ui.Dashboard “%SAHI_HOME%” “%SAHI_USERDATA_DIR_TMP%”
  • Save the changes and restart Sahi Pro.Hope this post gave you information about troubleshooting SSL issues. Feel free to let us know if you face any other issues by sending an email to support@sahipro.com. We will cover those in the upcoming posts.