Xero - beautiful accounting software

Xero Developer Help Center

Xero Developer Community

Community > Getting Started >

SSL handshake exception

Started by Andrew Suppa -   in Getting Started

Hey everyone,

So I am experiencing something that is a bit weird. So I have a program we made that inserts Manual Journals and Invoices from our database into xero. It is a java application that we built in eclipse, and works well when I build and run it on my local machine using redirectURI as localhost.

The problem occurred when I tried to put it on our Jenkins server to be built and ran. When I access it and run it from our build server I get an SSL exception after we do the login for the oath 2 codes. We are using okhttp protocols.

Any insight on why this might be happening? Thanks!
Maybe some more information will help. We are running Java 1.8, which I know is old but it is what our programs were built on. Could this be causing any SSL Handshake Exceptions? Is there anything specifically that xero is looking for that would cause this to happen?

Again, this is only happening when the program is built and deployed on our Jenkins server, it runs just fine on my local machine with the redirect URI as localhost.

Thanks.
 

Andrew Suppa  

Hi Andrew. Not familiar with "okhttp" but assuming its a valid HTTPS enabled server, and your callback URI from Jenkins is predictable, and whitelisted in your /myapps dashboard for the specific API app I think that should work fine.

If you can elaborate on your specific error, please do. Or if you want to share your client id and we can look through logs you can contact us at: https://developer.xero.com/contact-xero-developer-platform-support/
 

Christopher Knight (Xero Staff)  

Hey, I did send you guys a message yesterday at that contact link, I would love to be able to look at the logs.

So I found that even when I run the program locally but change the Redirect URI From localhost to our website, https://www.smartscrubs.com, it causes the handshake exception as well. So it may be a problem with that? Any insight would be great, and I would like if we could look at logs too.

Since I already send a message to that contact us link I will wait for a reply and then supply my client ID, does that work?
 

Andrew Suppa  

Hi Andrew,

So in your API app dashboard, have you added both your smartscubs domain, and your jenkins domain as valid callback's?

https://developer.xero.com/app/manage/app/<uuid>

https://imgur.com/a/ZTNY1hF
 

Christopher Knight (Xero Staff)  

I may have been wrong to mention the jenkins server, because that is just a build a deploy server. After jenkins builds the app is then accessible on the www.smartscrubs.com domain. So all of the requests should be coming through there. There is just something happening during the Redirect that it does not like. I am pretty new to how SSL works and all that so I am kind of learning as I go.
 

Andrew Suppa  

Is your app's callback domain setup to match your smartsrubs domain?

I added a screenshot to confirm the location.
 

Christopher Knight (Xero Staff)  

Yea, it is set up exactly how it is with localhost, which works. For some reason we only get this error when it is running on the www.smartscrubs.com domain.
 

Andrew Suppa  

If the redirect URI was wrong it would not give me a SSL exception error, but an invalid redirect URI error.
 

Andrew Suppa  

Hey Andrew. I did a bit more research and looks like its an error originating in the HTTP library you are using.

https://ananich.pro/2020/06/how-to-bypass-javax-net-ssl-sslhandshakeexception/
 

Christopher Knight (Xero Staff)  

Yea this didn't fix anything. Used the latest version and tried something different. Im wondering if it could be because of Java 8, which only supports TLS1.2. Maybe there is no overlap in the TLS 1.2 ciphers that are supported by both.

Anymore insight? Or is this kind of problem pretty rare?
 

Andrew Suppa  

I've not seen this one before :( sorry I can't be more help.
 

Christopher Knight (Xero Staff)  

I wanted to add this in case anyone experiences this in the future.

The problem was Java 8. Java 8 only supports TLS 1.2 and our server and Xero's server could not find a cipher/TLS version combo that they both supported. Updated to Java 11 solved this problem.

Thanks for the help.
 

Andrew Suppa  

Thanks for coming back to update for others in the community!
 

Christopher Knight (Xero Staff)