ArcGIS Online TLS 1.2 Handshake Failure

263
1
12-10-2019 04:23 PM
YueZhou1
New Contributor

I tried to query the feature service in the ArcGIS Online in my program. The code is implemented using Java. I enabled the -Djavax.net.debug=all, and the following is from the log:

*** ClientHello, TLSv1.2
RandomCookie: GMT: 1558828594 bytes = { 57, 151, 156, 236, 36, 109, 192, 196, 220, 194, 34, 168, 170, 182, 3, 24, 96, 101, 160, 52, 93, 88, 55, 30, 31, 164, 103, 188 }
Session ID: {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1, sect283k1, sect283r1, sect409k1, sect409r1, sect571k1, sect571r1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA256withDSA, SHA224withECDSA, SHA224withRSA, SHA224withDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
Extension extended_master_secret
***
[write] MD5 and SHA1 hashes: len = 199
0000: 01 00 00 C3 03 03 5D EA D6 32 39 97 9C EC 24 6D ......]..29...$m
0010: C0 C4 DC C2 22 A8 AA B6 03 18 60 65 A0 34 5D 58 ....".....`e.4]X
0020: 37 1E 1F A4 67 BC 00 00 56 C0 24 C0 28 00 3D C0 7...g...V.$.(.=.
0030: 26 C0 2A 00 6B 00 6A C0 0A C0 14 00 35 C0 05 C0 &.*.k.j.....5...
0040: 0F 00 39 00 38 C0 23 C0 27 00 3C C0 25 C0 29 00 ..9.8.#.'.<.%.).
0050: 67 00 40 C0 09 C0 13 00 2F C0 04 C0 0E 00 33 00 g.@...../.....3.
0060: 32 C0 2C C0 2B C0 30 00 9D C0 2E C0 32 00 9F 00 2.,.+.0.....2...
0070: A3 C0 2F 00 9C C0 2D C0 31 00 9E 00 A2 00 FF 01 ../...-.1.......
0080: 00 00 44 00 0A 00 16 00 14 00 17 00 18 00 19 00 ..D.............
0090: 09 00 0A 00 0B 00 0C 00 0D 00 0E 00 16 00 0B 00 ................
00A0: 02 01 00 00 0D 00 1C 00 1A 06 03 06 01 05 03 05 ................
00B0: 01 04 03 04 01 04 02 03 03 03 01 03 02 02 03 02 ................
00C0: 01 02 02 00 17 00 00 .......
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Handshake, length = 199
[Raw write]: length = 204
0000: 16 03 03 00 C7 01 00 00 C3 03 03 5D EA D6 32 39 ...........]..29
0010: 97 9C EC 24 6D C0 C4 DC C2 22 A8 AA B6 03 18 60 ...$m....".....`
0020: 65 A0 34 5D 58 37 1E 1F A4 67 BC 00 00 56 C0 24 e.4]X7...g...V.$
0030: C0 28 00 3D C0 26 C0 2A 00 6B 00 6A C0 0A C0 14 .(.=.&.*.k.j....
0040: 00 35 C0 05 C0 0F 00 39 00 38 C0 23 C0 27 00 3C .5.....9.8.#.'.<
0050: C0 25 C0 29 00 67 00 40 C0 09 C0 13 00 2F C0 04 .%.).g.@...../..
0060: C0 0E 00 33 00 32 C0 2C C0 2B C0 30 00 9D C0 2E ...3.2.,.+.0....
0070: C0 32 00 9F 00 A3 C0 2F 00 9C C0 2D C0 31 00 9E .2...../...-.1..
0080: 00 A2 00 FF 01 00 00 44 00 0A 00 16 00 14 00 17 .......D........
0090: 00 18 00 19 00 09 00 0A 00 0B 00 0C 00 0D 00 0E ................
00A0: 00 16 00 0B 00 02 01 00 00 0D 00 1C 00 1A 06 03 ................
00B0: 06 01 05 03 05 01 04 03 04 01 04 02 03 03 03 01 ................
00C0: 03 02 02 03 02 01 02 02 00 17 00 00 ............
[Raw read]: length = 5
0000: 15 03 03 00 02 .....
[Raw read]: length = 2
0000: 02 28 .(
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', READ: TLSv1.2 Alert, length = 2
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', RECV TLSv1.2 ALERT: fatal, handshake_failure
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Received fatal alert: handshake_failure
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', called closeOutbound()
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', closeOutboundInternal()
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', SEND TLSv1.2 ALERT: warning, description = close_notify
[ACTIVE] ExecuteThread: '10' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Alert, length = 2
[Raw write]: length = 7
0000: 15 03 03 00 02 01 00 .......
<Dec 6, 2019, 2:29:07,327 PM PST> <Emergency> <oracle.dfw.incident> <BEA-000000> <incident 36 created with problem key "DFW-99998 [javax.net.ssl.SSLException]">

Have anyone encountered the issue? Any suggestion to solve the problem?

Thanks!

0 Kudos
1 Reply
Peter_Klingman
Esri Regular Contributor

Hi Yue, I saw this question appeared to be resolved through a Tech Support case, but I've cross-posted it to ArcGIS Runtime SDK for Java‌ to see if that space has any other input.

0 Kudos