I am trying to create an Apigee proxy to an AWS API Gateway endpoint and I always receive a 503 response:
| error | The Service is temporarily unavailable |
| error.cause | Received fatal alert: handshake_failure |
```xml
<HTTPTargetConnection>
  <URL>https://XXXXXXXX.execute-api.eu-west-1.amazonaws.com</URL>
  <SSLInfo>
    <Enabled>true</Enabled>
    <ClientAuthEnabled>false</ClientAuthEnabled>
    <IgnoreValidationErrors>false</IgnoreValidationErrors>
    <TrustStore>myTruststore</TrustStore>
    <!-- <Protocols> <Protocol>TLSv1.2</Protocol> </Protocols> -->
  </SSLInfo>
</HTTPTargetConnection>
```
Of course I can successfully curl the AWS API Gateway endpoint in a terminal. Why can't Apigee?
Any help?
I suspect the problem is SNI.
Not all Apigee Edge organizations are set up to perform SNI outbound correctly.
Your AWS endpoint uses SNI, but Apigee Edge isn't doing the right thing.
What kind of organization is it? Paid or Trial?
If Trial, can you please set up a new trial organization (with a new email) and try it THERE?
If Paid, you will need to contact Apigee Support.
Yann - Have you resolved this issue? I could see that Apigee doesn't support the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher. In a successful curl to the Amazon API Gateway, the SSL connection is using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256. I have tried to connect using both the trial and paid versions but am getting the same error.
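Both causes suggested in this thread (no SNI in the outbound handshake, or the ECDHE-RSA-AES128-GCM-SHA256 suite not being offered) can be read directly from a client's ClientHello. The following is an added example, not code from the thread or from Apigee: it captures the ClientHello that Python's own `ssl` client would send, offline through `MemoryBIO`, and parses out the SNI name and the offered cipher suites. The function names `client_hello` and `parse_client_hello` and the hostname are assumptions made for illustration.

```python
import ssl
import struct

# IANA id of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (OpenSSL: ECDHE-RSA-AES128-GCM-SHA256)
ECDHE_RSA_AES128_GCM = 0xC02F

def client_hello(hostname=None, ciphers=None):
    """Capture the ClientHello this client would send, without touching the network."""
    ctx = ssl.create_default_context()
    if ciphers:
        ctx.set_ciphers(ciphers)          # restricts the TLS 1.2 suites only
    if hostname is None:
        ctx.check_hostname = False        # needed to build a client that sends no SNI
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:          # expected: no server ever answers
        pass
    return outgoing.read()

def parse_client_hello(record):
    """Return (sni_or_None, set_of_cipher_suite_ids) from one TLS ClientHello record."""
    if record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a ClientHello handshake record")
    pos = 5 + 4 + 2 + 32                  # record hdr, handshake hdr, version, random
    pos += 1 + record[pos]                # skip session id
    (n,) = struct.unpack_from("!H", record, pos)
    suites = set(struct.unpack_from("!%dH" % (n // 2), record, pos + 2))
    pos += 2 + n
    pos += 1 + record[pos]                # skip compression methods
    (ext_len,) = struct.unpack_from("!H", record, pos)
    pos += 2
    end, sni = pos + ext_len, None
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", record, pos)
        pos += 4
        if etype == 0:                    # server_name: list len(2), type(1), len(2), name
            (nlen,) = struct.unpack_from("!H", record, pos + 3)
            sni = record[pos + 5:pos + 5 + nlen].decode("ascii")
        pos += elen
    return sni, suites

if __name__ == "__main__":
    host = "example.execute-api.invalid"  # constructed placeholder hostname
    for label, raw in (("with SNI", client_hello(host)), ("without SNI", client_hello())):
        sni, suites = parse_client_hello(raw)
        print(f"{label}: sni={sni!r} offers_0xC02F={ECDHE_RSA_AES128_GCM in suites}")
```

The same parser can be run on a ClientHello record taken from a packet capture of the failing connection to see which of the two conditions applies.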