Getting error accessing SSL Service with a "server certificate change is restricted during renegotiation" notice

book

Article ID: 38545

calendar_today

Updated On:

Products

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder) CA Service Virtualization (DevTest / LISA / VSE / Application Test)

Issue/Introduction

Issue: 

When trying to execute a https service from DevTest using a HTTP or WebService/REST step, I get the following exception

javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation 

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source) 

Environment:

DevTest 8 and 9 – All versions and platforms

Cause: 

When trying to execute a service that is using SSL with DevTest to a secure service that has resolved the POODLE SSLv3 vunerability, you may not be able to access the secure service with our defaut SSL settings in our embedded JRE.

Resolution:

Add the following properties to your local.properties file.   Will need these settings for your Workstation environment when authoring a test to the secure SSL service,  and for your simulators that will execute the test against the service.

-Djdk.tls.allowUnsafeServerCertChange=true

-Dsun.security.ssl.allowUnsafeRenegotiation=true 

Additional Information:

Although we are allowing the unsafe negotiations to be handled by DevTest, this is an acceptable workaround since DevTest is a testing product and not intended to be used as a production product.


Environment

Release: LSASVR99000-8.1-LISA-Server
Component: