Skip to main content

IFSAPP 8 - Supplier Verification and CIS tax report submission

We have suddenly started to get the failure

1:javax.net.ssl.SSLException: Received close_notify during handshake

on the application messages that are connecting to the HMRC Transaction-engine.tax.service

Last successful message on 9th May 10:01 - first failure at 13:31 the same day.

Last year we implemented an additional Java parameter (-DUseSunHttpHandler=True) that forced a change to TLS 1.2 after HMRC withdrew support for TLS 1.0, and system has been working ever since.

 

Anyone else having this issue? Any clues? :) 

Hi Lawrence,

Same situation here IFS APPS 8. Last successful message was 9th May 12:13 and failures thereafter on the 10th May.

Our Live and Test machines exhibit the same failures:

1:javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake

 

We also implemented the java parameter last year for TLS 1.2.

The only suspicious thing I can see so far is that HMRC renewed their certificate recently but I cant see how that would impact this process.

 


Hi NGGMACHINT

I also noticed the Certificate change and have been wondering whether to add this new certificate to the java certificate store on the middleware server. I used the excellent https://testtls.com/ to scan the HMRC transaction engine URL which shows up the new certificate and lists all manner of potentially interesting snippets about the TLS process. I have logged a case with IFS Support and am waiting for some feedback from them.

With respect to the certificate question, I have spent more hours than I care to count, checking and updating the cert store, and have never fixed anything with it. So without specific knowledge I am reluctant to repeat that. My suspicion currently tends towards a change in supported encryption schemes, but I’m not able to support that with diagnostics. 


Update: IFS Support are saying to install the new HMRC Certificate into the middleware server java keystore


Hi Lawrence,  

 

Thanks for the update. On our side we have attempted to add the certificate to our keystore but it has not helped I’ll keep you updated on any developments from our side.

Cheers


Hi Lawrence,

One of our customers (App8) has flagged the same issue. Have you been able to resolve this, please?

Kind regards,
Wathsala


Reply