SSL handshake fails due to TLSv1 used on IBM JDK

SSL handshake fails due to TLSv1 used on IBM JDK

SSL handshake failure caused by wrong TLS version used by Mule. This article explains how to force Mule runtime running on IBM JDK to use TLSv1.1/1.2.

SYMPTOM

Mule server is running on IBM JDK. When making an outbound call to Salesforce which only supports TLSv1.2, the following error is received:

javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure 
at com.ibm.jsse2.k.a(k.java:15) ~[?:8.0 build_20180305] 
at com.ibm.jsse2.k.a(k.java:23) ~[?:8.0 build_20180305] 
at com.ibm.jsse2.av.b(av.java:343) ~[?:8.0 build_20180305] 

CAUSE

TLSv1 is used by IBM JDK to make the external HTTP call. 

SOLUTION
Please specify the supported TLS version using the following system parameters:

jdk.tls.client.protocols=TLSv1.1,TLSv1.2
https.protocols=TLSv1.1,TLSv1.2