SSLHandShakeException comes up


#1

You might have recently encountered something like this:

javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

Newer versions of the JRE and JDK limit the set of handshake protocols that are enabled by default:

  • supported protocols: SSLv2Hello, SSLv3, TLSv1, TLSv1.1, TLSv1.2
  • enabled protocols: SSLv3, TLSv1
  • The exclusion of TLSv1.1 and TLSv1.2 is explained by potential interoperability issues with servers that support TLSv1 only.

From the remaining set of enabled handshake protocols, HttpClient removes all SSL protocols. In the end, there is only TLSv1 left.

The standard way to enable more protocols by configuration is to use a system property:

-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2

However, this property is evaluated only in HttpsURLConnection, not in HttpClient. So a new property was added to XLT 4.5.6:

com.xceptance.xlt.ssl.protocols = SSLv3, TLSv1, TLSv1.1, TLSv1.2

Please keep in mind that TLS 1.0 and below are on the blacklist of protocols to use. The strong recommendation is to go with TLS 1.1 and higher, preferably TLS 1.2 only. It might be ok to get tests going, but it is definitely not what will be in production in a few weeks.


This was filed and resolved as defect 2478 by Xceptance. The fix is included in release XLT 4.5.6.
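
The following is an added example, not part of the original post and not XLT code: it prints the supported and default-enabled protocols of the running JRE, then applies a comma-separated protocol list the way the post describes (SSL protocols dropped, the rest enabled explicitly). The class name and the `demo.ssl.protocols` system property are hypothetical; the default list is a constructed sample value.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

public class TlsProtocolCheck {
    // Parse a comma-separated list, drop SSL protocols (the post says HttpClient
    // removes them anyway) and anything this JRE does not support.
    static List<String> select(String configured, String[] supported) {
        List<String> supportedList = Arrays.asList(supported);
        List<String> result = new ArrayList<>();
        for (String entry : configured.split(",")) {
            String name = entry.trim();
            if (name.isEmpty() || name.startsWith("SSL")) {
                continue;
            }
            if (supportedList.contains(name) && !result.contains(name)) {
                result.add(name);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        // An SSLEngine exposes the protocol sets without opening a connection.
        SSLEngine engine = SSLContext.getDefault().createSSLEngine();
        System.out.println("supported:          " + Arrays.toString(engine.getSupportedProtocols()));
        System.out.println("enabled by default: " + Arrays.toString(engine.getEnabledProtocols()));

        // Hypothetical property name; the default is a constructed sample value.
        String configured = System.getProperty("demo.ssl.protocols", "SSLv3, TLSv1, TLSv1.1, TLSv1.2");
        List<String> chosen = select(configured, engine.getSupportedProtocols());
        if (chosen.isEmpty()) {
            throw new IllegalStateException("no usable protocol in: " + configured);
        }
        if (chosen.contains("TLSv1")) {
            // The post lists TLS 1.0 and below as protocols not to use.
            System.out.println("warning: TLSv1 requested; prefer TLSv1.2 only");
        }
        // setEnabledProtocols rejects unsupported names, hence the filtering above.
        engine.setEnabledProtocols(chosen.toArray(new String[0]));
        System.out.println("enabled now:        " + Arrays.toString(engine.getEnabledProtocols()));
    }
}
```

Running it with `-Ddemo.ssl.protocols=TLSv1.2` shows the TLS 1.2-only setup the post recommends.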