TLS handshake EOF when connecting to private IBM WebSphere endpoint (works when SSL verification disabled)

Element Papiro·15 hours ago

Needs ReproductionBugImprovement

Description

I’m experiencing a TLS connection error when trying to send a request to a private internal service through VPN.

The service is hosted on an internal IBM WebSphere environment. The endpoint works correctly in other API clients such as Postman and Bruno.

In Bruno, the request only works when SSL/TLS Certificate Verification is disabled. If it is enabled, the request fails with a TLS error.

In Yaak, I also disabled “Validate TLS certificates”, but the request still fails with the same TLS handshake error.

Yaak fails to send the request even when trying to connect to the same endpoint.

For security reasons I cannot share the exact URL because it is a private internal endpoint.

Error

Request: https://xxx.xxx.xxx.xxx:xxxx/dev/serv/com.xxx.xxxxx.xxxxxx

Failed to send request:

Client error: reqwest::Error { kind: Request, source: hyper_util::client::legacy::Error( Connect, Custom { kind: Other, error: Custom { kind: UnexpectedEof, error: “tls handshake eof” } } ) }

Steps to Reproduce

Connect to a corporate VPN
Send a request to a private HTTPS endpoint (server TLSV1.0) hosted on IBM WebSphere
Disable “Validate TLS certificates” in Yaak
Attempt the request from Yaak
The TLS handshake fails with the error above

Expected Behavior

The request should succeed when TLS certificate validation is disabled, similar to other API clients.

Actual Behavior

The request fails with a TLS handshake EOF error even when “Validate TLS certificates” is disabled.

Environment

Yaak version: Release 2026.3.1
OS: macOS Tahoe 26.3.1 arm64
VPN: FortiClient
Target service: internal IBM WebSphere HTTPS endpoint

Additional Notes

The same request works correctly in Postman.
In Bruno it only works if SSL/TLS certificate verification is disabled.
In Yaak the same configuration (Validate TLS certificates disabled) still results in the TLS handshake error.
This suggests the server might be using a self-signed certificate or an internal CA.

macOSRelease 2026.3.1

Comments (2)

Gregory Schier

changed status toNeeds Reproduction·14 hours ago

Can you let me know what version of tls the server is using?

Element PapiroOP·an hour ago

Thanks for the quick reply.

The server appears to be using TLS 1.0. This is an internal legacy service hosted on IBM WebSphere and currently only supports TLSv1.0.

In other API clients:

Postman works without any changes
Bruno works only when SSL/TLS certificate verification is disabled

In Yaak, even with “Validate TLS certificates” disabled, the request fails with:

tls handshake eof

This suggests the failure might be related to TLS version negotiation, not only certificate validation.

Could it be that Yaak (or the underlying reqwest/rustls stack) does not allow TLS 1.0 / legacy TLS versions?

If so, is there any way to enable legacy TLS support for testing purposes?

By the way, I really like Yaak and its UX. The TLS limitation is currently the main reason why I haven’t migrated all my projects to Yaak yet, since I still have to interact with some legacy enterprise services like this one.

If support for this scenario were available (even as an optional setting), I would definitely move more of my workflows to Yaak and recommend it to several colleagues who are also looking for alternatives to Postman.

Thanks again for the great work on the project!