This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal


~Fritz Kijumiskioopsi
Sep 22, 2016, 7:32 PM
2 Posts

PayPal SHA-256 connection error

  • Category: Domino Server
  • Platform: Windows
  • Release: 9.0.1
  • Role: Developer
  • Tags:
  • Replies: 3

We process payments with Payment Pro end to end API. The Domino server has been upgraded to the latest version Release 9.0.1FP7.

When we submit an authorization or a payment via Java we receive the following error.  "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".  I have the submitting agent writing to the log the current java version and it is "HTTP JVM: pwa6460sr16fp30-20160726_01 (SR16 FP30)". 


I have enable DEBUG_SSL_ALL= 3, DEBUG_SSL_HANDSHAKE=2, DEBUG_SSL_CERT=1, DEBUG_SSL_CIPHERS=2 and the results are as follows.

SSLProcessProtocolMessage> Record Content: Handshake (22)

SSLProcessHandshakeMessage Enter> Message: Finished (20) State: HandshakeFinished (14) Key Exchange: 9 Cipher: DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)

SSLCalculateTLS12FinishedMessage Enter> senderID: client finished, PRF using SHA384

SSLProcessHandshakeMessage Exit> Message: Finished (20) State: HandshakeFinished (14) Key Exchange: 9 Cipher: DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)

SSLAdvanceHandshake Enter> Processed: Finished (20) State: HandshakeFinished (14)

SSLAdvanceHandshake Exit> State HandshakeServerIdle (3)

SSL_Handshake> After handshake2 state HandshakeServerIdle (3)

SSL_Handshake> Using resumed SSL/TLS session

SSL_Handshake> Protocol Version = TLS1.2 (0x303)

SSL_Handshake> Cipher = DHE_RSA_WITH_AES_256_GCM_SHA384 (0x009F)

SSL_Handshake> KeySize = 256 bits

SSL_Handshake> Original Ephemeral Diffie-Hellman key size = 0 bits

SSL_Handshake> Server RSA key size = 2048 bits

SSL_Handshake> Using Extended Master Secret from RFC 7627

SSL_Handshake> TLS/SSL Handshake completed successfully

 

The error log also includes this entry.

HTTP JVM: Cannot create a session from an agent. For more detailed information, please consult error-log-0.xml located in C:/Lotus/Domino/Data/domino/workspace/logs

This is the entry from the error-log-0.xml file.

SEVERE Cannot create a session from an agent com.ibm.domino.napi.ssl

 


I have created Java classes on my local machine (which is running Java 8) and submit an authorization or a payment with the same Java code and it works. It seems to me that the handshake is failing because the communication from our server to PayPal’s servers is not being attempted with SHA-256 but I can see no indication of this. I need help. I'm not sure what the problem is.

~Fritz Kijumiskioopsi
Sep 23, 2016, 1:07 PM
2 Posts
Previous version Release 9.0.1FP4

Thank you for taking the time to respond to my post.

The server was upgraded from Release 9.0.1FP4 to Release 9.0.1FP7.

I read the technotes you referenced. I must be misunderstanding something. As I read the technotes they are referencing systems trying to connect to my domino server but that is not the problem I am having. Am I reading them correctly?

I am trying to connect to PayPal's servers and receive a response but we cannot establish a handshake.

Having said that, I have disabled sslv3 DISABLE_SSLV3=1, I am not getting failed with inappropriate_fallback alert in the Domino console, I set the SSLCipherSpec to SSLCipherSpec=9D9C3D3C676B9E9F and tried SSLCipherSpec=9C3D3C676B9E and no joy.

I'm stumped.

~Wei Asatoopulakol
May 8, 2018, 11:53 PM
37 Posts
Did you ever resolve this issue?

I am currently struggling with exactly the same problem.

 

The payment gateway with which I am attempting to communicate has recently upgraded to enforce mandatory TLS 1.2 communications.

 

My logic completes fine when run on my Notes client (9.0.1FP10IF3) but not on my Domino server (9.0.1FP6).


This forum is closed to new posts and responses. Individual names altered for privacy purposes. The information contained in this website is provided for informational purposes only and should not be construed as a forum for customer support requests. Any customer support requests should be directed to the official HCL customer support channels below:

HCL Software Customer Support Portal for U.S. Federal Government clients
HCL Software Customer Support Portal