IOException while handshaking: Connection closed by remote host.

Hello,

We had an issue with one of our EDIINT AS2(HTTPS) partners, so turned on SSL debug to check in detail.
I added following setting in IS admin > Extended on Proxy IS server where partner send their message.
watt.net.ssl.debug=true
watt.ssl.iaik.debug=true
When I see the nohup.out I found that following error is occurring every second although there is no connection attempting to server.
Can anybody have an idea on this?
ssl_debug(1): IOException while handshaking: Connection closed by remote host.
ssl_debug(1): Sending alert: Alert Fatal: handshake failure

ssl_debug(1): Shutting down SSL layer…

ssl_debug(1): Closing transport…

ssl_debug(2): Starting handshake (iSaSiLk 3.03)…

ssl_debug(2): IOException while handshaking: Connection closed by remote host.

ssl_debug(2): Sending alert: Alert Fatal: handshake failure

ssl_debug(2): Shutting down SSL layer…

ssl_debug(2): Closing transport…

ssl_debug(3): Starting handshake (iSaSiLk 3.03)…

ssl_debug(3): IOException while handshaking: Connection closed by remote host.

ssl_debug(3): Sending alert: Alert Fatal: handshake failure

ssl_debug(3): Shutting down SSL layer…

ssl_debug(3): Closing transport…

ssl_debug(4): Starting handshake (iSaSiLk 3.03)…

ssl_debug(4): IOException while handshaking: Connection closed by remote host.

ssl_debug(4): Sending alert: Alert Fatal: handshake failure

ssl_debug(4): Shutting down SSL layer…

ssl_debug(4): Closing transport…

ssl_debug(5): Starting handshake (iSaSiLk 3.03)…

ssl_debug(5): IOException while handshaking: Connection closed by remote host.

ssl_debug(5): Sending alert: Alert Fatal: handshake failure

ssl_debug(5): Shutting down SSL layer…

ssl_debug(5): Closing transport…

Thanks in advance.

P.S. IS version is 8.0.1

Also try with this extended setting on your IS’s and restart the servers:

watt.security.ssl.client.ignoreEmptyAuthoritiesList = true

HTH,
RMG

Thanks RMG,
But it is already set in extended setting.
watt.security.ssl.client.ignoreEmptyAuthoritiesList=true

I think you should probably talk/engage testing with your network team/TP folks and see what they say both ends if there is any firewall blocking/IP sockets/certs chain issues?..Commonly these errors happen all times during the new certs setup which eats more time to resolve.

HTH,
RMG

Hello, were you able to fix this issue? we are having the exactly same problem.

Thanks and regards,

Hermann

What was the setup on your side and are you getting same SSL error with AS2?

Did you also enable the setting above?

no. still have this issue. just turned off ssl debug setting. :confused:

This can be caused by different reasons.
the client system my not trust your server cert, there may be cipher issue, SSL version restriction etc.
You can do some network level trace, use wireshark or MS network monitor.
It will at least provide more detail about the failure

I am facing same issue while connecting from application to vendor system. Seems vendor migrated from SSLV3 to TSLv1 ( SSL version 3.1) due to POODLE VULNERABILITY. Our application do not support TSLv1

Please advice if anyone have any fix or to verify any incompatibility issue from application/vendor site. We have implemented 2 way ssl.


ssl_debug(174339): Starting handshake (iSaSiLk 3.03)…
ssl_debug(174339): Received v3 client_hello handshake message.
ssl_debug(174339): Client requested SSL version 3.0, selecting version 3.0.
ssl_debug(174339): Client supports secure renegotiation = false
ssl_debug(174339): Creating new session B8:2B:5F:7B:F3:CB:AD:94…
ssl_debug(174339): CipherSuites supported by the client:
ssl_debug(174339): SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(174339): SSL_RSA_WITH_RC4_128_SHA
ssl_debug(174339): SSL_RSA_WITH_RC4_128_MD5
ssl_debug(174339): SSL_DH_anon_WITH_3DES_EDE_CBC_SHA
ssl_debug(174339): SSL_DH_anon_WITH_RC4_128_MD5
ssl_debug(174339): SSL_DH_anon_WITH_DES_CBC_SHA
ssl_debug(174339): SSL_RSA_WITH_DES_CBC_SHA
ssl_debug(174339): SSL_RSA_EXPORT_WITH_RC4_40_MD5
ssl_debug(174339): SSL_RSA_EXPORT_WITH_DES40_CBC_SHA
ssl_debug(174339): SSL_DH_anon_EXPORT_WITH_RC4_40_MD5
ssl_debug(174339): SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA
ssl_debug(174339): SSL_RSA_WITH_NULL_SHA
ssl_debug(174339): SSL_RSA_WITH_NULL_MD5
ssl_debug(174339): CompressionMethods supported by the client:
ssl_debug(174339): NULL
ssl_debug(174339): Sending server_hello handshake message.
ssl_debug(174339): Selecting CipherSuite: SSL_RSA_WITH_3DES_EDE_CBC_SHA
ssl_debug(174339): Selecting CompressionMethod: NULL
ssl_debug(174339): Sending certificate handshake message with server certificate…
ssl_debug(174339): Sending certificate_request handshake message…
ssl_debug(174339): Sending server_hello_done handshake message…
ssl_debug(174339): IOException while handshaking: Connection closed by remote host.
ssl_debug(174339): Sending alert: Alert Fatal: handshake failure
ssl_debug(174339): Shutting down SSL layer…
ssl_debug(174339): Closing transport…

Hi all,

please check out the following informations:
Knowledebase Article
PIE - 1760581 : webMethods Integration Server - POODLE Vulnerability for wM7.x, 8.x and 9.x IS, Broker and MWS:
https://empower.softwareag.com/sl24sec/SecuredServices/KCFullTextASP/viewing/view.asp?KEY=113464-6074191&DSN=PIVOTAL&DST=TCD&HL=1&QUERY=

https://empower.softwareag.com/Products/Security/poodle.asp

If suitable, please apply the mentioned Fixes and their required Fixes.
Additionally check the Readmes for additional configuration steps.
These steps may vary depending on the IS and Java versions being used.

Regards,
Holger