TLS and SSL Errors With Connection Steps in versions Cycle 2.10+

TLS and SSL Errors With Connection Steps in versions Cycle 2.10+

The Java version shipped with Cycle was updated with the Cycle 2.10 release.  


As a result, you may receive error message similar to the example messages below when running steps to establish DB connections in Cycle 2.10+:

javax.net.ssl.SSLException

MESSAGE: closing inbound before receiving peer's close_notify

- or -
com.mysql.cj.jdbc.exceptions.CommunicationsException: Communications link failure
- or -
The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "The server selected protocol version TLS10 is not accepted by client preferences [TSL12]"

These error messages are related to Cycle establishing connections to servers using TLS 1.0 and TLS 1.1 encryption.

Updated versions of Java disable TLS 1.0 and TLS 1.1 encryption algorithms by default due to security risks. However, Java has provided a way to re-enable those algorithms for legacy systems that cannot be readily updated to use TLS 1.2. It is recommended that systems are updated to use TLS 1.2, but we understand that is not always possible.

We are unable to permanently modify Cycle to enable TLS 1.0 and TLS 1.1 by default due to security risks involved with those older versions of TLS and our requirement to ship Cycle in a secure state. Post install steps will need to be taken to override the default security behavior of Java and allow Cycle to establish connections with legacy TLS 1.0 and TLS 1.1 systems. 

 

There are two options for handling this issue by enabling Cycle to use TLS 1.0 or TLS 1.1 encryption. 

Option 1

You will need to complete the following steps on any machine where Cycle 2.10+ is installed, and you are running tests that require a server connection using TLS 1.0 or TLS 1.1.

You will need admin rights to complete these steps.

Please Note: This option is not permanent. These steps will need to be completed any time Cycle is installed or updated. Installing or updating Cycle will replace the updated java.security file with the default java.security file.

 

1. Close any open instances of Cycle

 

2. Navigate to the directory: C:\Program Files (x86)\CycleLabs\Cycle\jdk8u322-b06\jre\lib\security

     Please note the directory should be similar to jdk8u322-b06 but might differ depending on the version of Cycle/Java installed

3. Open the java.security file for editing.  You will need to have admin rights to save the file after editing. 


4. Find the line:

     jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \ 


5. Update the line by removing TLSv1 and TLSv1.1 from the list: 

     jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \  


6. Save the updated file  


7. Now any new sessions of Cycle that you open will use the updated java.security file. This applies to cycle-cli tests as well as tests executed using the Cycle Client on the machine where the java.security file was modified.

8. Remember, this change will be overridden if you re-install or update Cycle on the device. You will need to complete these steps each time Cycle is installed or updated.

 

Option 2

This option is more persistent, but it will require some additional setup and perhaps troubleshooting to ensure the solution is working properly for your environment.


You essentially will need to create a custom java.security file that will override default settings, and place the file somewhere so that it will not be modified by future Cycle software updates. 

You will need admin rights to complete these steps. 


1. Close any open instances of Cycle.

2. Create a new java.security file in an appropriate location on the machine where Cycle is installed.

     This location should have permissions to be accessed by the Cycle application.
     Take note of the location where you are placing this java.security file. For our example, we will use the location "C:\Users\wmadmin\java.security".

3. Add the contents below to the new C:\Users\wmadmin\java.security\java.security file. These are the only contents that need to be in the file: 

jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \

    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \

    include jdk.disabled.namedCurves

     Please note: You do not have to re-create the entire default java.security file that ships with Cycle.
     The settings in this custom java.security file will override any settings loaded from the default java.security file.

4. For Cycle Client test execution to use override settings, you will need to update your Cycle Client Application Preferences -> Server Tuning arguments to load the new override java.security file when Cycle opens.
      To do this: open the Cycle Client, update the Application Preferences -> Server Tuning arguments, and then close/re-open Cycle for the changes to take effect.
      Be sure to update the path in the example below to be the path where the new java.security file is located:
Server Tuning arguments = "-Djava.security.properties=C:\Users\wmadmin\java.security"


3. For Cycle-CLI command line test execution to use the updated Java security settings, you will need to create/update a Windows environment variable called JETVMPROP. 

      When you run cycle-cli, it will use the value of the JETVMPROP variable as program arguments when it starts Java.
      These settings will look for the updated custom java.security file and override the tls.disabledAlgorithms settings from the stock java.security file. 
      Be sure to update the path in the example below to be the path where the new java.security file is located:
JETVMPROP ="-Djava.security.properties=C:\Users\wmadmin\java.security"


    • Related Articles

    • How to use a SQL query as a Scenario Outline data source

      With the enhancements to Scenario Outlines, it is now possible to use multiple sources for test parameter data. Previously, parameters were set in the Feature in an Examples section specified and maintained by the user. The addition of Example Row, ...
    • How to store Connections and Credentials in Cycle

      Cycle 2.5 includes the ability to save Connections and Credentials for your systems under test. Using named Connections and Credentials streamlines and simplifies declaring system access, makes Features look cleaner and promotes reusability of “set ...
    • Connection Refused error opening native apps

      Problem I receive the error: “Connection refused…” when attempting to open a native app using Cycle. Solution The “Connection refused...” error occurs when there is an issue with the WinAppDriver Cycle is attempting to use. The following guide walks ...
    • Can I use Cycle's Data Store reporting even if I don't have a database available?

      Problem In-depth reporting and analysis of Cycle tests often requires the use of a database to log all of the details of your Cycle executions, but not all users have a readily available database to use for this. Solution Cycle comes pre-packaged ...
    • My SSH terminal connections are failing in Cycle with error adding to known hosts file.

      Problem My SSH terminal connections are failing in Cycle with error adding to known hosts file. Solution SSH terminal connections use a known_hosts file stored in the user’s home directory to store server information when you establish an SSH ...