How can I add SSL cipher suites into local Mendix runtime
Hello, I am trying to consume a REST API from an HTTPS endpoint but am having a problem. Accessing the API fails with the following error.

Received fatal alert: handshake_failure
Error calling REST service
    at SharedMicroflows.***(module and microflow name)*** (CallRest : 'Call REST (GET)')
    at SharedMicroflows.*** (SubMicroflow : '***')
Advanced stacktrace:
    at com.mendix.integration.actions.microflow.RestCallAction.execute(RestCallAction.scala:60)
Caused by: java.security.PrivilegedActionException: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at com.mendix.integration.util.PrivilegedUtil$$anonfun$withPrivileged$2.applyOrElse(PrivilegedUtil.scala:17)
Caused by: null
    at java.base/java.security.AccessController.doPrivileged(Native Method)
    at com.mendix.integration.util.PrivilegedUtil$.$anonfun$withPrivileged$1(PrivilegedUtil.scala:13)
    at scala.util.Try$.apply(Try.scala:213)
(snip.)

After enabling -Djavax.net.debug=all, I looked at m2ee_log.txt and found the following before the failed handshake.

javax.net.ssl|DEBUG|37|Thread-22|2020-08-26 19:13:38.625 JST|ClientHello.java:651|Produced ClientHello handshake message (
"ClientHello": {
  "client version" : "TLSv1.2",
  "random" : "99 1E 69 FB 8A 69 AE 8F 50 06 31 B7 C1 FF 9C 54 F1 6A F8 56 CF CA 66 56 D4 80 0F 6A 21 80 C7 B9",
  "session id" : "8C 70 64 FB A5 04 B8 EA AD 0D 94 0E E8 85 4E B4 91 1D DE 22 29 D1 93 F8 78 43 04 A3 37 23 9F A2",
  "cipher suites" : "[TLS_AES_128_GCM_SHA256(0x1301), TLS_AES_256_GCM_SHA384(0x1302), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), TLS_DHE_DSS_WITH_AES_256_GCM_SHA384(0x00A3), TLS_RSA_WITH_AES_128_GCM_SHA256(0x009C), TLS_DHE_RSA_WITH_AES_128_GCM_SHA256(0x009E), TLS_DHE_DSS_WITH_AES_128_GCM_SHA256(0x00A2), TLS_RSA_WITH_AES_256_CBC_SHA256(0x003D), TLS_DHE_RSA_WITH_AES_256_CBC_SHA256(0x006B), TLS_DHE_DSS_WITH_AES_256_CBC_SHA256(0x006A), TLS_RSA_WITH_AES_256_CBC_SHA(0x0035), TLS_DHE_RSA_WITH_AES_256_CBC_SHA(0x0039), TLS_DHE_DSS_WITH_AES_256_CBC_SHA(0x0038), TLS_RSA_WITH_AES_128_CBC_SHA256(0x003C), TLS_DHE_RSA_WITH_AES_128_CBC_SHA256(0x0067), TLS_DHE_DSS_WITH_AES_128_CBC_SHA256(0x0040), TLS_RSA_WITH_AES_128_CBC_SHA(0x002F), TLS_DHE_RSA_WITH_AES_128_CBC_SHA(0x0033), TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]",
  "compression methods" : "00",
  "extensions" : [
    "status_request (5)": {
(snip.)

So I suspect the reason for the handshake failure is that there are no matching cipher suites between the client (Mendix) and the server. We have set an ECDSA cert on the server, but there is no ECDSA suite in the cipher suites field of Mendix's ClientHello.

It's weird, but it works when I deploy to the free tier Mendix cloud. So I think the local Mendix runtime lacks (or restricts) some cipher suites.

How can I add cipher suites into the local Mendix runtime? I also welcome other suggestions if I'm misunderstanding the error and looking in the wrong place.

Best,
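The comparison the post makes by eye on the ClientHello can be scripted. The following is an added example, not part of the original post and not Mendix code: it extracts the offered suites from javax.net.debug output and sorts them by the certificate key type each one names. The sample log is abridged from the ClientHello above, and all function names are illustrative.

```python
import re

# Abridged from the ClientHello in the post (same javax.net.debug layout).
SAMPLE_LOG = (
    '"ClientHello": { "client version" : "TLSv1.2", "cipher suites" : '
    '"[TLS_AES_128_GCM_SHA256(0x1301), TLS_RSA_WITH_AES_256_GCM_SHA384(0x009D), '
    'TLS_DHE_RSA_WITH_AES_256_GCM_SHA384(0x009F), '
    'TLS_DHE_DSS_WITH_AES_128_CBC_SHA(0x0032), '
    'TLS_EMPTY_RENEGOTIATION_INFO_SCSV(0x00FF)]", "compression methods" : "00",'
)

SUITE_RE = re.compile(r"(TLS_[A-Za-z0-9_]+)\(0x[0-9A-Fa-f]{4}\)")


def offered_suites(log_text):
    """Return suite names from the first "cipher suites" field in the log."""
    m = re.search(r'"cipher suites"\s*:\s*"\[(.*?)\]"', log_text, re.S)
    if not m:
        raise ValueError("no ClientHello cipher suite list found")
    return SUITE_RE.findall(m.group(1))


def cert_key_type(suite):
    """Authentication algorithm named by the suite: RSA, DSS, ECDSA, ANY or None."""
    if suite.endswith("_SCSV"):
        return None                  # signalling value, not a real suite
    if "_WITH_" not in suite:
        return "ANY"                 # TLS 1.3 suite: cert type negotiated separately
    kx = suite[len("TLS_"):suite.index("_WITH_")]  # e.g. RSA, DHE_RSA, ECDHE_ECDSA
    auth = kx.split("_")[-1]
    return auth if auth in ("RSA", "DSS", "ECDSA") else None


def usable_with(log_text, server_key="ECDSA"):
    """Split offered suites into those a server holding this certificate type
    can select at TLS 1.2, and TLS 1.3 suites, which only help if both
    sides actually negotiate TLS 1.3."""
    tls12, tls13 = [], []
    for suite in offered_suites(log_text):
        kind = cert_key_type(suite)
        if kind == server_key:
            tls12.append(suite)
        elif kind == "ANY":
            tls13.append(suite)
    return tls12, tls13


if __name__ == "__main__":
    tls12, tls13 = usable_with(SAMPLE_LOG)
    print("TLS 1.2 suites usable with an ECDSA cert:", tls12 or "none")
    print("TLS 1.3 suites (need TLS 1.3 on both ends):", tls13)
```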