Getting error accessing SSL Service with a "server certificate change is restricted during renegotiation" notice

Article Id: 38545

Status: Published

Updated On: 14-02-2018 07:37

Legacy Id: TEC1914375

Products:

CA Application Test Service Virtualization CA Continuous Application Insight (PathFinder)

Issue/Introduction:

Issue:

When trying to execute a https service from DevTest using a HTTP or WebService/REST step, I get the following exception

javax.net.ssl.SSLHandshakeException: server certificate change is restrictedduring renegotiation

at sun.security.ssl.Alerts.getSSLException(Unknown Source)

at sun.security.ssl.SSLSocketImpl.fatal(Unknown Source)

Environment:

DevTest 8 and 9 – All versions and platforms

Cause:

When trying to execute a service that is using SSL with DevTest to a secure service that has resolved the POODLE SSLv3 vunerability, you may not be able to access the secure service with our defaut SSL settings in our embedded JRE.

Resolution:

Add the following properties to your local.properties file. Will need these settings for your Workstation environment when authoring a test to the secure SSL service, and for your simulators that will execute the test against the service.

-Djdk.tls.allowUnsafeServerCertChange=true

-Dsun.security.ssl.allowUnsafeRenegotiation=true

Additional Information:

Although we are allowing the unsafe negotiations to be handled by DevTest, this is an acceptable workaround since DevTest is a testing product and not intended to be used as a production product.

Environment:

Release: LSASVR99000-8.1-LISA-Server
Component: