I have configured my proxy with 2-way SSL. When the TLS handshake fails, I get the error "Service temporarily unavailable" by default, and its default fault.name is "ServiceUnavailable". My use case requires changing the default error message when the TLS handshake fails, because "ServiceUnavailable" is generic; it also applies when the server goes down, etc. Is there any way I can determine that the TLS handshake failed and customize the error message? When I look at the system log, it shows a handshake failed message. But I need to get something like that in the Edge UI as well in order to determine that the TLS handshake failed.
com.apigee.messaging.adaptors.http.flow.data.LBTargetRequestSender$ResponseListenerForLBTarget$1.onException(LBTargetRequestSender.java:469) [http-adaptor-1.0.0.jar:na]
    at com.apigee.protocol.http.HTTPClient$Context.handshakeFailed(HTTPClient.java:1286) [http-1.0.0.jar:na]
    at com.apigee.nio.SSLTransport.run(SSLTransport.java:156) [nio-1.0.0.jar:na]
    at com.apigee.nio.SSLTransport.process(SSLTransport.java:488) [nio-1.0.0.jar:na]
    at com.apigee.nio.ClientChannel.process(ClientChannel.java:263) [nio-1.0.0.jar:na]
    at com.apigee.nio.NIOSelector$SelectedIterator.findNext(NIOSelector.java:479) [nio-1.0.0.jar:na]
    at com.apigee.nio.NIOSelector$SelectedIterator.findNext(NIOSelector.java:449) [nio-1.0.0.jar:na]
    at com.apigee.nio.util.NonNullIterator.computeNext(NonNullIterator.java:16) [nio-1.0.0.jar:na]
    at com.apigee.nio.util.AbstractIterator.hasNext(AbstractIterator.java:36) [nio-1.0.0.jar:na]
    at com.apigee.nio.NIOSelector$2.findNext(NIOSelector.java:266) [nio-1.0.0.jar:na]
    at com.apigee.nio.NIOSelector$2.findNext(NIOSelector.java:256) [nio-1.0.0.jar:na]
    at com.apigee.nio.util.NonNullIterator.computeNext(NonNullIterator.java:16) [nio-1.0.0.jar:na]
    at com.apigee.nio.util.AbstractIterator.hasNext(AbstractIterator.java:36) [nio-1.0.0.jar:na]
    at com.apigee.nio.handlers.NIOThread.run(NIOThread.java:59) [nio-1.0.0.jar:na]
Good question. I was able to reproduce a handshake failure locally and observe that there's a property named "error.cause" that seems to hold the message below:
Received fatal alert: handshake_failure
The error.cause is not a variable, so context.getVariable("error.cause") does not retrieve its value. I am checking if there's some way to read this property and/or if there's some other way to determine if the 503 is caused by a handshake failure. I will keep this community link posted if I find something.
Regards,
Amar
@AMAR DEVEGOWDA, thanks! I do not even see error.cause in my trace where the error is logged in the request flow. What am I missing?
Please enable "Show All FlowInfos" on the left-hand panel of the UI Trace. You should be able to see a flow named "Error" as shown in my screenshot below. In the Error inflow, you should see the property "error.cause".
screen-shot-2016-07-26-at-91829-am.png
Regards,
Amar
OK! I enabled "Show All FlowInfos". I do have all the properties shown in your screenshot except error.cause. It could be missing due to the version we installed on our On-Prem, or the way I defined the proxy.
But anyway, I am looking forward to a solution for this issue.
Look at the variable "fault.subcategory", which will have the value "IOError" in case of a failed TLS handshake. Otherwise, it will have the value "Connection". So, using the value of "fault.subcategory", we can determine whether the service is unavailable because of TLS or a general connection issue and, based on that, customize the fault.
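The check described in the last reply, written out as an added example (not code from any poster in this thread or from Apigee). It assumes a JavaScript policy running in the error flow; the function names, the "custom.*" variables and the codes and messages are hypothetical, and the stub context is constructed so the block also runs offline.

```javascript
// Added example. ES5 only, so the same file can be used as a JavaScript
// policy resource. Only fault.name and fault.subcategory come from the thread.
function classifyTargetFault(ctx) {
  var name = ctx.getVariable("fault.name");
  var sub = ctx.getVariable("fault.subcategory");

  if (name !== "ServiceUnavailable") {
    return null; // a different fault: leave it to the existing handling
  }

  var fault;
  if (sub === "IOError") {
    // Per the thread: IOError is what a failed TLS handshake reports.
    fault = { code: "TARGET_TLS_HANDSHAKE_FAILED",
              message: "Secure connection to the backend could not be established." };
  } else if (sub === "Connection") {
    // Per the thread: the value seen for general connection problems.
    fault = { code: "TARGET_UNREACHABLE",
              message: "The backend could not be reached." };
  } else {
    // Missing or unexpected subcategory: stay generic rather than guess.
    fault = { code: "TARGET_UNAVAILABLE",
              message: "The backend is temporarily unavailable." };
  }

  // Fixed client-facing text only: no stack trace, host name or
  // certificate detail is copied into the response variables.
  ctx.setVariable("custom.fault.code", fault.code);
  ctx.setVariable("custom.fault.message", fault.message);
  return fault;
}

// Constructed stand-in for the policy's context object, for offline runs.
function makeStubContext(vars) {
  return {
    getVariable: function (k) {
      return Object.prototype.hasOwnProperty.call(vars, k) ? vars[k] : null;
    },
    setVariable: function (k, v) { vars[k] = v; }
  };
}

// Inside a JavaScript policy the global "context" exists; elsewhere this is skipped.
if (typeof context !== "undefined") {
  classifyTargetFault(context);
}
```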