TSL error when calling a WebService over ssl/https

In one of my projects recently, even after importing the correct ssl certificates in the keystore (cacerts and DemoTrust.jks) on the weblogic server, when accessing the webservice over https gave an error.

javax.xml.ws.WebServiceException: javax.net.ssl.SSLHandshakeException: [Security:090497]HANDSHAKE_FAILURE alert received from example.com - Check both sides of the SSL configuration for mismatches in supported ciphers, supported protocol versions, trusted CAs, and hostname verification settings.

After doing some research i found that the error was related to the protocol mismatch. i.e. the webservice did not support sslv3 it only supported TLS.

To solve the problem, i put the following in the server start tab of the WebLogic Managed Server from where my application was calling the web service.


This property value enables any protocol starting with “TLS” for messages that are sent and accepted; for example, TLS V1.0, TLS V1.1, and TLS V1.2
Other accepted values are SSLv3, TLSv1, TLSvx.y.

Reference: https://docs.oracle.com/middleware/1213/wls/SECMG/ssl_version.htm#SECMG635

Above is the final thing that worked. We also faced the issue in JDeveloper when consuming the web service. The equivalent of the above in JDeveloper is


For Debugging SSL in JDeveloper, use the below


To solve this issue, there are few more things that i figured out and wanted to put out so that it is helpful to me and other in future.

Since the error also pointed something related to hostname verification, i have also tried putting the following parameter to disable hostname verification:


Use the following command-line properties to enable SSL debugging:

-Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true


Other options:

Use this option to turn off checking for the Basic Constraints extension. The rest of the certificate is still validated.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.