Websphere TLS handshake issue null cert chain

0

I'm having an issue with an application using TLSv1.2 for authentication. If I enforce TLSv1.2 from WebSphere, the connection breaks -> handshake failure; it works only when I let it choose the encryption by itself, and then it defaults to TLSv1. The error I receive during the handshake is "fatal error: 40: null cert chain". I checked the certificates multiple times and everything is alright. What is strange is that it seems I receive the handshake error before sending the private key for authentication. Here is part of the logs:

O ***
O *** CertificateRequest
O Cert Types: RSA, DSS, ECDSA
O Supported Signature Algorithms: SHA512withECDSA, SHA512withRSA, SHA384withECDSA, SHA384withRSA, SHA256withECDSA, SHA256withRSA, SHA224withECDSA, SHA224withRSA, SHA1withECDSA, SHA1withRSA, SHA256withDSA, SHA1withDSA
O Cert Authorities:
O <CN=GeoTrust SSL CA - G3, O=GeoTrust Inc., C=US>
O <CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US>
O <CN=server.ibm.com, C=f>
O <CN=GeoTrust Global CA, O=GeoTrust Inc., C=US>
O <OU=Equifax Secure Certificate Authority, O=Equifax, C=US>
O <OID.0.9.2342.19200300.100.1.3=admin@ibm.com, UID=O05699826, CN=server.x.ibm.com, OU=DST, O=ibm.com, L=c, ST=c, C=f>
O <CN=bluepages.ibm.com, O=International Business Machines Corporation, L=Armonk, ST=New York, C=US>
O <CN=IBM INTERNAL INTERMEDIATE CA, O=International Business Machines Corporation, C=US>
O <CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US>
O <CN=GeoTrust TLS RSA CA G1, OU=www.digicert.com, O=DigiCert Inc, C=US>
O <CN=bluepages.ibm.com, O=INTERNATIONAL BUSINESS MACHINES CORPORATION, L=Armonk, ST=New York, C=US>
O <CN=IBM Internal Root CA, O=International Business Machines Corporation, C=US>
O <CN=DigiCert Global Root G2, OU=www.digicert.com, O=DigiCert Inc, C=US>
O <CN=server.x.ibm.com, OU=servNode01Cell, OU=servNode01, O=IBM, C=US>
O *** ServerHelloDone
O WebContainer : 2, WRITE: TLSv1.2 Handshake, length = 5463
O WebContainer : 2, READ: TLSv1.2 Handshake, length = 269
O *** Certificate chain
O ***
O WebContainer : 2, fatal error: 40: null cert chain javax.net.ssl.SSLHandshakeException: null cert chain
O %% Invalidated:  [Session-16, SSL_RSA_WITH_AES_128_CBC_SHA]
O WebContainer : 2, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
O WebContainer : 2, WRITE: TLSv1.2 Alert, length = 2
O WebContainer : 2, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: null cert chain
O Using SSLEngineImpl.
O 
Is initial handshake: true
O WebContainer : 2, READ: TLSv1.2 Handshake, length = 139
O *** ClientHello, TLSv1.2
O RandomCookie:  GMT: 0 bytes = { 222, 141, 37, 241, 84, 199, 234, 83, 182, 22, 56, 247, 14, 244, 168, 252, 148, 189, 7, 165, 230, 159, 64, 106, 15, 199, 247, 218 }
O Session ID:  {}
O Cipher Suites: [TLS_EMPTY_RENEGOTIATION_INFO_SCSV, SSL_RSA_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_AES_256_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_AES_128_GCM_SHA256, SSL_RSA_WITH_AES_256_GCM_SHA384, SSL_RSA_WITH_AES_128_CBC_SHA256, SSL_RSA_WITH_AES_256_CBC_SHA256, SSL_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA256, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384, SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256, SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384, SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA]
O Compression Methods:  { 0 }
Extension signature_algorithms, signature_algorithms: SHA224withRSA, SHA256withRSA, SHA384withRSA, SHA512withRSA, SHA224withECDSA, SHA256withECDSA, SHA384withECDSA, SHA512withECDSA, SHA1withECDSA, SHA1withRSA, SHA1withDSA
O Extension elliptic_curves, curve names: {secp256r1, secp384r1, secp521r1}
O Extension ec_point_formats, formats: [uncompressed]
O Unsupported extension type_22, data: 
O ***
O %% Initialized:  [Session-17, SSL_NULL_WITH_NULL_NULL]
O ssl: ServerHandshaker.setupPrivateKeyAndChain RSA
O matching alias: servsslkey256
O ssl: ServerHandshaker.setupPrivateKeyAndChain, chooseEngineServerAlias servsslkey256
O ssl: ServerHandshaker.setupPrivateKeyAndChain, return true
O %% Negotiating:  [Session-17, SSL_RSA_WITH_AES_128_CBC_SHA]
O JsseJCE:  Using MessageDigest SHA-256 from provider IBMJCE version 1.8
O *** ServerHello, TLSv1.2
O RandomCookie:  GMT: 1566907826 bytes = { 213, 249, 14, 38, 207, 172, 0, 231, 100, 252, 42, 216, 16, 59, 191, 47, 91, 116, 200, 40, 102, 186, 252, 173, 203, 116, 156, 84 }
O Session ID:  {93, 101, 30, 178, 73, 205, 139, 235, 42, 20, 159, 59, 185, 152, 215, 165, 121, 41, 92, 56, 239, 125, 62, 206, 191, 27, 173, 50, 124, 254, 126, 31}
O Cipher Suite: SSL_RSA_WITH_AES_128_CBC_SHA
O Compression Method: 0
O Extension renegotiation_info, ri_length: 0, ri_connection_data: { null }
O ***
O Cipher suite:  SSL_RSA_WITH_AES_128_CBC_SHA
O *** Certificate chain
O chain [0] = [

Michael Norm

Posted 2019-11-06T15:15:05.960

Reputation: 1
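One way to read such a trace systematically, as an added example that is not from the question or from WebSphere/JSSE: a small Python parser run over a constructed excerpt modelled on the quoted log. It locates the Certificate message the client sent in reply to the server's CertificateRequest and reports whether that chain was empty, which is the condition under which JSSE raises "null cert chain" when client authentication is required.

```python
import re

# Constructed excerpt modelled on the JSSE debug output quoted in the question
# (WebSphere prefixes each stdout line with "O "); not the poster's full log.
SAMPLE_LOG = """\
O *** CertificateRequest
O *** ServerHelloDone
O WebContainer : 2, READ: TLSv1.2 Handshake, length = 269
O *** Certificate chain
O ***
O WebContainer : 2, fatal error: 40: null cert chain javax.net.ssl.SSLHandshakeException: null cert chain
O WebContainer : 2, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
"""

def analyse_handshake(log_text):
    """Summarise what the server saw after it asked the client for a certificate."""
    lines = [re.sub(r"^O ?", "", ln).strip() for ln in log_text.splitlines()]
    r = {"protocol": None, "cert_requested": False, "client_chain_len": None, "alert": None}
    i = 0
    while i < len(lines):
        ln = lines[i]
        m = re.search(r"(?:READ|WRITE): (TLSv[\d.]+|SSLv\d) Handshake", ln)
        if m:
            r["protocol"] = m.group(1)
        if ln == "*** CertificateRequest":
            r["cert_requested"] = True
        elif ln == "*** Certificate chain" and r["cert_requested"]:
            # Only the Certificate message after CertificateRequest is the client's;
            # the server's own chain is printed earlier in the log.
            n, i = 0, i + 1
            while i < len(lines) and lines[i] != "***":
                if lines[i].startswith("chain ["):
                    n += 1
                i += 1
            r["client_chain_len"] = n
        m = re.search(r"ALERT:\s+fatal, description = (\w+)", ln)
        if m:
            r["alert"] = m.group(1)
        i += 1
    if not r["cert_requested"]:
        r["verdict"] = "server never sent CertificateRequest"
    elif r["client_chain_len"] == 0:
        # JSSE reports "null cert chain" here: client auth is required but the client
        # found no key pair matching the requested cert types, sigalgs or issuers.
        r["verdict"] = "client sent empty certificate chain: no matching client key/cert"
    else:
        r["verdict"] = "client presented %d certificate(s)" % r["client_chain_len"]
    return r
```

Run against a full trace, a non-zero chain length with the same alert points the investigation at the server-side trust store instead of the client's key store.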

No answers