Highlighted
Trusted Contributor.
Trusted Contributor.
5043 views

SSL Errors after initial few successful replays

Jump to solution

I have been running https based scripts successfully over last few days (to a cloud service) , but suddenly I started seeing below SSL error. Does anyone know the possible reasons for all of a sudden appearance of error..

ssl_handle_status encounter error : SSL_ERROR_SSL, error message : error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure   [MsgId: MMSG-26000]

 

Tags (1)
0 Likes
1 Solution

Accepted Solutions
Highlighted
Honored Contributor.
Honored Contributor.

hi.

 

it looks someone changes some security setting on the application. now the application refuse to negotiate if the client try to use SSLv3 in the handshake process.

try forcing SSL/TLS level to a higer level by using the web_set_socket_options API or chage the SSL level in port mapping

Micro Focus Performance Core.
Functional Architect
your performance, our passion!

View solution in original post

0 Likes
17 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

> sslv3 alert handshake failure

I remember getting a message like that if you use obsolete SSL 1 to 3 versions, instead of the latest TLS 1.2.

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

The problem started occuring suddenly, so I believe it's not supposed to be related to SSL/TLS version.

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Logs:

vuser_init.c(25): t=878ms: Connecting [0] to host <server IP>:443 [MsgId: MMSG-26000]
vuser_init.c(25): t=1097ms: Connected socket [0] from <clientIP>:7889 to <serverIP>:443 in 219 ms [MsgId: MMSG-26000]
vuser_init.c(25): t=2159ms: Trying to set SNI with servername <serverName> [MsgId: MMSG-26000]
vuser_init.c(25): t=2160ms: Setting SNI was succesfull [MsgId: MMSG-26000]
vuser_init.c(25): ssl_handle_status encounter error : SSL_ERROR_SSL, error message : error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure [MsgId: MMSG-26000]
vuser_init.c(25): Error -27774: SSL protocol error when attempting to connect with host "<serverName>" [MsgId: MERR-27774]
vuser_init.c(25): Error -27760: Request "<serverName>" failed [MsgId: MERR-27760]
vuser_init.c(25): t=2386ms: Closed connection [0] to <serverName>:443 after completing 0 request(s) [MsgId: MMSG-26000]

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

@Akhil Dass  The problem started occurring suddenly

 

Did someone upgrade the security of either side?

I had that happen to me using old putty and ssh.  Unfortunately it happened twice, with an even older version the time before on a different laptop.

I've seen that "ssl3_read_bytes:sslv3 alert handshake failure" error before when the server was updated to reject older SSL protocols.

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

hi.

 

it looks someone changes some security setting on the application. now the application refuse to negotiate if the client try to use SSLv3 in the handshake process.

try forcing SSL/TLS level to a higer level by using the web_set_socket_options API or chage the SSL level in port mapping

Micro Focus Performance Core.
Functional Architect
your performance, our passion!

View solution in original post

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

After enabling WinInet in runtime settings, script replay works now.  I asked Developers and they confirmed that they did not make changes to SSL/TLS on their side. It's still a puzzle for me why suddenly a working script required enabling WinInet option.

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

if this is a public application and you can share the script (or part of it) i will check the root cause.

Micro Focus Performance Core.
Functional Architect
your performance, our passion!
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Hi, you were correct. today I tried with web_set_sockets_option("SSL_VERSION", "TLS1.2"); and it worked..

Thanks

0 Likes
Highlighted
Honored Contributor.
Honored Contributor.

happy to help

Micro Focus Performance Core.
Functional Architect
your performance, our passion!
0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Hi we are getting below ,Please help to resolve this issue on priority. 

Action.c(14): ssl_handle_status encounter error : SSL_ERROR_SYSCALL, error id : 0 [MsgId: MMSG-26000]
Action.c(14): ssl_handle_status encounter error : SSL_ERROR_SSL, error message : error:140E0197:SSL routines:SSL_shutdown:shutdown while in init [MsgId: MMSG-26000]
Action.c(14): ssl_handle_status ssl_handle_status encounter error : SSL_ERROR_SSL when read, retry count = 0 [MsgId: MMSG-26000].

In script we are using SSL version as below, it came as part of recording.

web_set_sockets_option("SSL_VERSION", "TLS1.2");

In network analyzer shows different version and ciphers.

[Network Analyzer (18a4: 168)]   (Sid: 22) Negotiate Proxy -> Server SSL Handshake (ssl:TLSv1, ciphers:ECDHE-RSA-AES256-SHA)

[Network Analyzer (18a4:36b4)]   (Sid: 23) Negotiate Proxy -> Server SSL Handshake (ssl:TLSv1.2, ciphers:ECDHE-RSA-AES128-GCM-SHA256)

[Network Analyzer (18a4: 168)]   (Sid: 22) Negotiate Client -> Proxy SSL Handshake (ssl:TLSv1.2, ciphers:ECDHE-RSA-AES128-GCM-SHA256)

[Network Analyzer (18a4:36b4)]   (Sid: 23) Negotiate Client -> Proxy SSL Handshake (ssl:TLSv1.2, ciphers:ECDHE-RSA-AES128-GCM-SHA256)

In Recording option -SSL2/3 -DefaultOpenSSLCiphers

0 Likes
Highlighted
Trusted Contributor.. Trusted Contributor..
Trusted Contributor..
Hi, did you go into the Networking and Filtering dialog and set up an entry for the server under test? LoadRunner doesn't just automagically make a TLS connection to a server supporting HTTPS - you have to give it fair warning that it needs to use a specific version of TLS (1.2 or 1.3 are the only acceptable versions, anything less is courting security disasters). Tell 'em I said so.
The openssl_lt version deployed with LoadRunner (in the \bin directory) can also provide you the cipher information.
openssl_lt s_client -connection
There's lots of other options available if you want very specific information or want to send in a certificate to verify its valid for the server in question.
-TN
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.