DSS REST API Handshake error reappears

pradeep.balasubramanian

We had the handshake issue initially which was solved with the help from the moderators in the forum. It was working properly until Friday afternoon (14.06.2019). We have done the procedure as mentioned in

https://developers.refinitiv.com/article/building-keystore-file-be-used-https-or-encrypted-connection-type-real-time-java-based-apis but still we get the handshake error. Has anything changed at Refinitiv side? How can we proceed further?

We use Java/JBOSS as tech stack.

veerapath.rungruengrayubkul

Hi @abhishek.joshi6,

From the network file, it seems that the certificate used for DSS API is issued by a proxy server, EMAILADDRESS=internalit.proxyops@tcs.com. You need to verify whether the certificate is still valid in your environment or not.

 chain [0] = [ 
[ 
Version: V3 
Subject: CN=hosted.datascopeapi.reuters.com, O=Thomson Reuters, L=Eagan, ST=Minnesota, C=US 
Signature Algorithm: SHA256withRSA, OID = 1.2.840.113549.1.1.11 
Key: Sun RSA public key, 2048 bits 
modulus: 225980782775591611118446889...
public exponent: 65537 
Validity: [From: Fri Mar 02 05:30:00 IST 2018, To: Fri Nov 01 17:30:00 IST 2019] 
Issuer: EMAILADDRESS=internalit.proxyops@tcs.com, CN=proxy.tcs.com, OU=Internal IT, O=TCS, L=Mumbai, ST=Maharashtra, C=IN 
SerialNumber: [ 5fe3ccbf 9e9ff603 f93d0f89 86f40200] 

Christiaan Meihsl

pradeep.balasubramanian, this query is posted in the DSS (Datascope Select) space, but the link you mention is for the Elektron product, using the EMA or ETA API. Can you please tell us what API / product you are using ?

pradeep.balasubramanian

@Christiaan Meihsl We use the Datascope Select REST API.

Christiaan Meihsl

pradeep.balasubramanian, fine, thank you.

I guess you are referring to the handshake error mentioned in this previous thread ?

As far as I know nothing was changed on our side.

The first time you encountered this issue, did you implement the solution that @Gurpreet. suggested, or did you solve it in a different way ?

Can you please also enable network logging using this property, and post the log with the error ?:

<code>-Djavax.net.debug=all

abhishek.joshi6

Hi @Christiaan Meihsl,

Earlier there was a property in our jboss standalone.xml

javax.net.ssl.trustStore which we commented and we were able to hit refinitiv api. This was working fine untill Friday 14.06.2019.

But now we are not even able to hit the api using sample code (main method) also.

Please find attached network logs.

abhishek.joshi6

Hi @Christiaan Meihsl,

Any update for us?

Christiaan Meihsl

abhishek.joshi6,

Apologies for the late response, I'm just back from vacation. Sorry no one else responded.

I have asked the product group if any change was made during the weekend of 15-16 June 2019, and will revert with their answer.

This is a certificate issue, not really related to the API itself. It is difficult for us to solve as we do not have the same environment as you. Are you running the latest release of Java ?

I found a stackoverflow post on the SSL handshake exception you are getting, which might be of help, especially as it links to several other posts on the same topic.

Christiaan Meihsl

@Gurpreet., any suggestion ?

Gurpreet

Hi @abhishek.joshi6, @pradeep.balasubramanian, The certificate used by DSS site has not changed in the last few days. Can you try to run a java application outside of JBOSS environment and try to isolate the trust store issues. Seems like, you are not pointing to the correct certstore file - there is no DigiCert SHA2 Secure Server CA in the logs.