ZAP-Handshake Failure Problem


priyala...@globalsoft-solutions.com

Feb 7, 2017, 3:46:37 AM
to OWASP ZAP User Group
We are planning to submit our app for Salesforce Security Review, for which we have to scan the web service endpoint URL that we are using to integrate with SAP.

Our URL uses two-way SSL with authentication based on user name and password.

When trying to scan the URL in the URL to Attack field, it results in a handshake failure.

We have even imported our ZAP certificate into the SAP trusted list. Still getting the same problem. Please help us to resolve this issue.

The following exception is being caught. Need help.


ZAP Error [javax.net.ssl.SSLHandshakeException]: Received fatal alert: handshake_failure
Stack Trace:
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:154)
    at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:2023)
    at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1125)
    at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403)
    at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387)
    at org.parosproxy.paros.network.SSLConnector.createSocket(Unknown Source)
    at org.apache.commons.httpclient.HttpConnection.open(Unknown Source)
    at org.apache.commons.httpclient.MultiThreadedHttpConnectionManager$HttpConnectionAdapter.open(MultiThreadedHttpConnectionManager.java:1361)
    at org.apache.commons.httpclient.HttpMethodDirector.executeWithRetry(Unknown Source)
    at org.apache.commons.httpclient.HttpMethodDirector.executeMethod(Unknown Source)
    at org.apache.commons.httpclient.HttpClient.executeMethod(HttpClient.java:397)
    at org.parosproxy.paros.network.HttpSender.executeMethod(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.runMethod(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.send(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAuthenticated(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.network.HttpSender.sendAndReceive(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.processHttp(Unknown Source)
    at org.parosproxy.paros.core.proxy.ProxyThread.run(Unknown Source)
    at java.lang.Thread.run(Thread.java:745)

kingthorin+owaspzap

Feb 7, 2017, 10:12:25 AM
to OWASP ZAP User Group

priyala...@globalsoft-solutions.com

Feb 7, 2017, 10:18:44 AM
to OWASP ZAP User Group
Thanks @Kingthorin,

We followed the link; still we face the issue.

We tried enabling Unsafe SSL, downgraded the Java version to 7, installed the JCE files and restarted ZAP.

Still it did not resolve. Is there any other solution for this?