Amazon Web Services - Handshake Error

Document created by chris_fagan (Employee) on Jul 21, 2016. Last modified by chris_stevens on Aug 10, 2016.
Version 3

While trying to use an HTTP Connector to connect to an Amazon AWS endpoint, the following error occurs:

Test execution of Test_IP_To_OSF completed with errors. Embedded message: (-1) - Received fatal alert: handshake_failure; Caused by: Received fatal alert: handshake_failure


Issue

The handshake error above can occur because of incompatibilities with the SSL/TLS cipher suites available on the atom where the process is being run. Amazon AWS requires TLSv1.2 with a TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher. This cipher requires Server Name Indication (SNI) to be passed to the server as well, so unless both are configured correctly on the atom, a handshake error can occur.
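As an added example (not part of the original article or of Boomi's tooling), the following Python sketch checks a ClientHello record against the three requirements stated above: TLSv1.2, the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 suite and the SNI extension. In practice the record would come from a packet capture of the atom's outbound connection; here build_client_hello() and the hostname aws-endpoint.example are constructed samples, and only the TLS 1.2-style client_version field is examined.

```python
import struct

SNI_EXT = 0x0000          # server_name extension type (RFC 6066)
REQUIRED_SUITE = 0xC02F   # TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS12 = (3, 3)            # wire encoding of TLSv1.2

def build_client_hello(hostname=None, suites=(0xC02F, 0x002F)):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    ext = b""
    if hostname:
        name = hostname.encode("ascii")
        # server_name_list length, name_type 0 (host_name), name length, name
        body = struct.pack("!HBH", len(name) + 3, 0, len(name)) + name
        ext = struct.pack("!HH", SNI_EXT, len(body)) + body
    hello = (bytes(TLS12) + bytes(32) + b"\x00" + struct.pack("!H", 2 * len(suites))
             + b"".join(struct.pack("!H", s) for s in suites) + b"\x01\x00"
             + struct.pack("!H", len(ext)) + ext)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def inspect_client_hello(record):
    """Parse one complete ClientHello record: version, offered suites, SNI name."""
    if len(record) < 44 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    version = (record[9], record[10])   # after record (5) + handshake (4) headers
    p = 9 + 2 + 32                      # skip client_version and random
    p += 1 + record[p]                  # skip session_id
    n = struct.unpack_from("!H", record, p)[0]
    suites = [struct.unpack_from("!H", record, p + 2 + i)[0] for i in range(0, n, 2)]
    p += 2 + n
    p += 1 + record[p]                  # skip compression_methods
    sni = None
    if p + 2 <= len(record):            # the extensions block is optional
        end = p + 2 + struct.unpack_from("!H", record, p)[0]
        p += 2
        while p + 4 <= end:
            etype, elen = struct.unpack_from("!HH", record, p)
            if etype == SNI_EXT and elen >= 5:
                nlen = struct.unpack_from("!H", record, p + 7)[0]
                sni = record[p + 9:p + 9 + nlen].decode("ascii")
            p += 4 + elen
    return {"version": version, "suites": suites, "sni": sni}

def handshake_blockers(record):
    """Requirements from the article that this ClientHello fails to meet."""
    info = inspect_client_hello(record)
    checks = [(info["version"] >= TLS12, "TLSv1.2 not offered"),
              (REQUIRED_SUITE in info["suites"], "required cipher suite not offered"),
              (info["sni"] is not None, "no server_name (SNI) extension")]
    return [msg for ok, msg in checks if not ok]
```

An empty list from handshake_blockers() means the ClientHello meets all three requirements; a hello sent with SNI disabled reports the missing server_name extension.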

 

Solution

To resolve this issue, the atom server must be configured to have Server Name Indication (SNI) extensions enabled. This can be done using the following procedure:

 

  1. Log onto the atom server.
  2. Navigate to the following directory: <Atom Install Directory>/bin and open the atom.vmoptions file (or atomw.vmoptions if running the atom in Desktop mode).
  3. Add the following line: -Djsse.enableSNIExtension=true
  4. Save the vmoptions file and restart the atom.

 

Note: The Boomi Atom Clouds (Test and Production) do not currently support Server Name Indication (SNI) extensions. We have no immediate plans to enable SNI extensions, as doing so may have negative effects for customers who use our atom clouds. Therefore, the above handshake error will occur when attempting to use Amazon AWS on these clouds. When using Amazon AWS endpoints, we recommend either a local atom or a private atom cloud, where these configurations can be made.
