Connection fails for Windchill and ThingWorx Navigate with error "SSL_verify_client_post_handshake:extension not received" due to TLSv1.3 post handshake behavior change

• ptc-windchill-integration-connector shows a failed status in Monitoring within ThingWorx Composer
• Logging into ThingWorx Composer  or Windchill Navigate presents a blank page after successful login
• ptc-windchill-integration-connector ValidateConnection services fails with 403-Forbidden:

• Connection fails for Windchill and Thingworx Navigate due to TLSv1.3 post handshake behavior change
• Windchill with CAC PKI authentication, fails with error Error 403 Forbidden while performing the authentication
  • Error in Browser:

Forbidden - You don't have permission to access this resource. Reason: Cannot perform Post-Handshake Authentication

• For Windchill after updating OpenSSL to 1.1.1x version, Windchill Apache [out of the box] will use TLSv1.3 in Chrome and Firefox browser; however Chrome and Firefox does not support post-handshake authentication
• While executing GetEndpointDefinition Service in ThingWorx Navigate configured with Windchill authentication (Windchill as IdP) connection fails with Error in Browser in ThingWorx Navigate
  • This behavior occurs in all browsers
• HTTP operation failed with status [403 - Forbidden] error occurs after changing ThingWorx Java from Oracle JDK to Amazon Corretto JDK (or vice versa)
• Error while searching part in Thingworx Navigate as below -

We can’t complete your request due to connection problems

• Error in <ThingworxStorage>/logs/ApplicationLog.log:

Unable to execute service GetEndpointDefinition on WindchillSwaggerConnectorThing: Your route exchange has failed.  HTTP operation failed with status [403 - Forbidden]

• Error in <Windchill>/HTTPServer/logs/error.log:

[ssl:error] [pid 18516:tid 3016] [client <IP Address>:<Port>] AH10158: cannot perform post-handshake authentication
[ssl:error] [pid 18516:tid 3016] SSL Library Error: error:14268117:SSL routines:SSL_verify_client_post_handshake:extension not received

• Error in <Windchill>/HTTPServer/logs/access.log:

<IP Address> - - [TIME/DATE] "GET /Windchill/sslClientAuth/servlet/rest/swagger.json?wt.effectiveUid=Administrator HTTP/1.1" 403 258 0

• Error in <ThingworxNavigate>\IRLogs\IntegrationRuntime-<serial>.log:

[ClientProcessor-4] ERROR c.t.i.r.IntegrationEngine - Exchange process failed with exception thrown : Your route exchange has failed.  HTTP operation failed with status [403 - Forbidden]
java.lang.RuntimeException: Your route exchange has failed.  HTTP operation failed with status [403 - Forbidden]
                at com.twx.integration.route.exceptions.ExceptionHelper.convertToRuntimeException(ExceptionHelper.java:77)
                at com.twx.integration.route.IntegrationEngine.dispatchRoute(IntegrationEngine.java:159)
                at com.twx.integration.client.things.IntegrationRuntimeServer.Invoke(IntegrationRuntimeServer.java:72)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
                at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
                at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
                at java.base/java.lang.reflect.Method.invoke(Method.java:566)
                at com.thingworx.common.processors.ReflectionProcessor.processService(ReflectionProcessor.java:261)
                at com.thingworx.communications.client.things.VirtualThing.invokeService(VirtualThing.java:1120)
                at com.thingworx.communications.client.things.VirtualThing.handleServiceRequest(VirtualThing.java:1028)
                at com.thingworx.communications.client.ConnectedThingClient.handleRequest(ConnectedThingClient.java:315)
                at com.thingworx.communications.client.processor.ClientProcessorTask.run(ClientProcessorTask.java:55)
                at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
                at java.base/java.util.concurrent.FutureTask.run(FutureTask.java:264)
                at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
                at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
                at java.base/java.lang.Thread.run(Thread.java:829)