When we are executing the JavaScript TestCallout.js we get 500 Error with the error message: “Received fatal alert: handshake_failure (TestCallOut_js#7)” as shown below:
{"fault":{"faultstring":"Execution of TestCallOut failed with error: Exception thrown from JavaScript : Error executing callout!Received fatal alert: handshake_failure (TestCallOut_js#7)","detail":{"errorcode":"steps.javascript.ScriptExecutionFailed"}}}
We receive this error only for certain URLs but not for others. For example its works for ‘https://httpbin.org/json’ but not for ‘https:///api/people/’ or ‘https:///api/users’
- Followed the instructions provided in the TLS/SSL Handshake Failure playbook.
- Collected a tcpdump and analyzed the packets.
- The protocols matched.
- Next followed the steps given here in the same playbook used the openssl command on the hostname1 and hostname2 as follows
openssl s_client -connect <hostname1>:443
CONNECTED(00000006)
4604343916:error:14004410:SSL routines:CONNECT_CR_SRVR_HELLO:sslv3 alert handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:1205:SSL alert number 40
4604343916:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-22.260.1/libressl-2.6/ssl/ssl_pkt.c:585:
-
Since I got the error, I re-tried the openssl command with -servername option as follows
openssl s_client -connect <hostname1>:443 -servername hostname1
-
This worked fine without any errors.
-
Repeated the steps 4 and 5 with the hostname2, and observed the same behaviour.
-
This indicated that the hostname1 and hostname2 were SNI enabled target servers, but the Message Processors were not enabled to talk to SNI servers.
-
Followed the steps given in Resolution section here under the same playbook and enabled the MPs to talk to SNI servers.With this, we were able to resolve the issue.