Handshake issue while connecting to RTO from linux system using RTSDK?

Question

question

prashantd

1 ●0 ●0 ●0

Handshake issue while connecting to RTO from linux system using RTSDK?

We are trying to connect to RTO from Linux container (Red Hat Enterprise Linux 9.4) using RTSDK-Java. We are getting below error while trying to make consumer connection:

Failed to add RsslChannel(s) to RsslReactor. Channel name(s) Channel_1\n\tInstance Name Consumer_1_1\n\tRsslReactor @68bef3df\n\tRsslChannel null\n\tError Id -1\n\tInternal sysError 0\n\tError Location RestReactor.submitAuthRequestBlocking\n\tError Text failed to submit authorization request, exception = Remote host terminated the handshake

#technology ema-api java ssl

May 29 at 08:32 AM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 1 · 2024-05-30T09:33:30Z

wasin.w

25.7k ●58 ●17 ●14

Hello @prashantd

About your "We tried both 'nslookup' and 'curl (version 2)' given by you, and we are able to connect from our network without any error." message, did you try it on the same OpenShift container or the local machine?

Can you try the following Java Code on the OpenShift platform to verify that a simple Java HTTP request can make a connection to the RDP API Gateway?

HttpRequest request = HttpRequest.newBuilder()
    .uri(URI.create("https://api.refinitiv.com:443/auth/oauth2/v2/token"))
    .header("Content-Type", "application/x-www-form-urlencoded")
    .method("POST", HttpRequest.BodyPublishers.ofString("client_secret=<client_secret>&client_id=<client_id>&grant_type=client_credentials&scope=trapi"))
    .build();

HttpResponse<String> response = HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
System.out.println(response.body());

Note: According to the RTSDK Java README file, the SDK isn't qualified on the Docker platform. If you find any problems while running it on the Docker platform, the issues must be replicated on bare metal machines before contacting the support team.

Does the problem occur on physical machine?

May 30 at 09:33 AM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 2 · 2024-05-29T09:20:49Z

wasin.w

25.7k ●58 ●17 ●14

Hello @prashantd

The error message "RestReactor ... failed to submit authorization request, exception = Remote host terminated the handshake" indicate that the API cannot establish a HTTP connection to the https://api.refinitiv.com:443/auth/oauth2/<version>/token endpoint.

Does your company has any firewall or network policy that blocks a connection to api.refinitiv.com domain?

You can try the following commands to verify a HTTP connection from your container/machine.

nslookup api.refinitiv.com

Or if you are using the Authentication Version 1 (Machine ID: GE-A-XXXXXXXX-X-XXXX)

curl --location --request POST 'https://api.refinitiv.com/auth/oauth2/v1/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Bearer ' \
--data-urlencode "username=<MACHINE_ID>" \
--data-urlencode "password=<PASSWORD>" \
--data-urlencode 'grant_type=password' \
--data-urlencode 'scope=trapi' \
--data-urlencode 'takeExclusiveSignOnControl=true' \
--data-urlencode "client_id=<APP_KEY>"

Or if you are using the Authentication Version 2 (CIAM, Service Account, Client ID: GE-XXXXXXXXXXXX)

curl --location --request POST \
  'https://api.refinitiv.com:443/auth/oauth2/v2/token' \
  --header 'Accept: */*' \
  --header 'Authorization: Bearer ' \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'client_secret=<CLIENT_SECRET>' \
  --data-urlencode 'client_id=<CLIENT_ID>' \
  --data-urlencode 'grant_type=client_credentials' \
  --data-urlencode 'scope=trapi'

Note: The static IP address of api.refinitiv.com are as follows:

75.2.0.254
99.83.242.11

May 29 at 09:20 AM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Answer 3 · 2024-05-30T08:13:09Z

prashantd

1 ●0 ●0 ●0

Hi wasin.w,

Thanks for the timely response. We tried both 'nslookup' and 'curl (version 2)' given by you and we are able to connect from our network without any error. This handshake issue is happening only on the OpenShift container (Red Hat Enterprise Linux 9.4). Below are the detailed logs from the OpenShift container. I have masked our proxy server details with http://xxx.xx.xx.xxx:xxx so please ignore that:

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.PoolingHttpClientConnectionManager","message":"Connection request: [route: {tls}->http://xxx.xx.xx.xxx:xxx->https://api.refinitiv.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.PoolingHttpClientConnectionManager","message":"Connection leased: [id: 0][route: {tls}->http://xxx:xxx:xx:xxx:xxx->https://api.refinitiv.com:443][total available: 0; route allocated: 1 of 2; total allocated: 1 of 20]","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.execchain.MainClientExec","message":"Opening connection {tls}->http://xxx:xxx:xx:xxx:xxx->https://api.refinitiv.com:443","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.DefaultHttpClientConnectionOperator","message":"Connecting to /xxx:xxx:xx:xxx:xxx","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.DefaultHttpClientConnectionOperator","message":"Connection established 10.197.32.178:50296<->xxx:xxx:xx:xxx:xxx","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.headers","message":"http-outgoing-0 >> CONNECT api.refinitiv.com:443 HTTP/1.1","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.headers","message":"http-outgoing-0 >> Host: api.refinitiv.com","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.headers","message":"http-outgoing-0 >> User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.7)","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 >> \"CONNECT api.refinitiv.com:443 HTTP/1.1[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 >> \"Host: api.refinitiv.com[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 >> \"User-Agent: Apache-HttpClient/4.5.14 (Java/17.0.7)[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 >> \"[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 << \"HTTP/1.1 200 Connection Established[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 << \"Proxy-Agent: XXXXXX/6.2[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.wire","message":"http-outgoing-0 << \"[\\r][\\n]\"","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.headers","message":"http-outgoing-0 << HTTP/1.1 200 Connection Established","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.headers","message":"http-outgoing-0 << Proxy-Agent: XXXXXX/6.2","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.execchain.MainClientExec","message":"Tunnel to target created.","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.conn.ssl.SSLConnectionSocketFactory","message":"Enabled protocols: [TLSv1.3, TLSv1.2]","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.conn.ssl.SSLConnectionSocketFactory","message":"Enabled cipher suites:[TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_RSA_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256, TLS_DHE_DSS_WITH_AES_256_GCM_SHA384, TLS_DHE_RSA_WITH_AES_128_GCM_SHA256, TLS_DHE_DSS_WITH_AES_128_GCM_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256, TLS_DHE_DSS_WITH_AES_256_CBC_SHA256, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256, TLS_DHE_DSS_WITH_AES_128_CBC_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256, TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA, TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_256_CBC_SHA, TLS_DHE_DSS_WITH_AES_256_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA, TLS_ECDH_RSA_WITH_AES_256_CBC_SHA, TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA, TLS_ECDH_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_GCM_SHA384, TLS_RSA_WITH_AES_128_GCM_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA256, TLS_RSA_WITH_AES_128_CBC_SHA256, TLS_RSA_WITH_AES_256_CBC_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_EMPTY_RENEGOTIATION_INFO_SCSV]","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.conn.ssl.SSLConnectionSocketFactory","message":"Starting handshake","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.DefaultManagedHttpClientConnection","message":"http-outgoing-0: Shutdown connection","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.execchain.MainClientExec","message":"Connection discarded","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.PoolingHttpClientConnectionManager","message":"Connection released: [id: 0][route: {tls}->http://xxx:xxx:xx:xxx:xxx->https://api.refinitiv.com:443][total available: 0; route allocated: 0 of 2; total allocated: 0 of 20]","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.PoolingHttpClientConnectionManager","message":"Connection manager is shutting down","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"DEBUG","loggerName":"org.apache.http.impl.conn.PoolingHttpClientConnectionManager","message":"Connection manager shut down","endOfBatch":false,"loggerFqcn":"org.apache.commons.logging.LogAdapter$Log4jLog"}

{"thread":"main","level":"ERROR","loggerName":"com.refinitiv.ema.access.OmmConsumerImpl","message":"loggerMsg\n ClientName: ChannelCallbackClient\n Severity: Error\n Text: Failed to add RsslChannel(s) to RsslReactor. Channel name(s) Channel_1\n\tInstance Name Consumer_1_1\n\tRsslReactor @5ab0168\n\tRsslChannel null\n\tError Id -1\n\tInternal sysError 0\n\tError Location RestReactor.submitAuthRequestBlocking\n\tError Text failed to submit authorization request, exception = Remote host terminated the handshake\nloggerMsgEnd\n\n","endOfBatch":false,"loggerFqcn":"org.apache.logging.slf4j.Log4jLogger"}

Can you please check this once from your end and let us know if something needs to be corrected?

May 30 at 08:13 AM

10 |1500

Attachments: Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Q&A Forum

question

Handshake issue while connecting to RTO from linux system using RTSDK?

3 Answers

Write an Answer

question

Handshake issue while connecting to RTO from linux system using RTSDK?

3 Answers

Write an Answer

Related Questions