Error while trying to enable TLS V1.2 support for mediator - Handshake failure

  • 1.  Error while trying to enable TLS V1.2 support for mediator - Handshake failure

    Posted Tue November 27, 2018 06:52 AM

    Hi,
    We are trying to enable TLS V1.2 support for a single virtualized outbound web service. To achieve this, the changes below have been made on the mediator IS.

    Properties added under the extended settings
    watt.net.jsse.client.enabledCipherSuiteList=default
    watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
    watt.net.jsse.server.enabledCipherSuiteList=default
    watt.net.jsse.server.enabledProtocols=SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2
    watt.net.ssl.client.cipherSuiteList=default
    watt.net.ssl.client.handshake.maxVersion=tls
    watt.net.ssl.client.handshake.minVersion=tls
    watt.net.ssl.client.hostnameverification=false
    watt.net.ssl.client.strongcipheronly=true
    watt.net.ssl.server.cipherSuiteList=default
    watt.net.ssl.server.clientHandshakeTimeout=20000
    watt.net.ssl.server.handshake.maxVersion=tls
    watt.net.ssl.server.handshake.minVersion=tls
    watt.net.ssl.server.strongcipheronly=false

    Fix level of the server - IS_9.7_Core_Fix19

    Code - While invoking the connector service, the useJSSE property is set to “yes”

    Below is the error logged in the wrapper.log file, once we execute the transaction.
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Remote client:10.21.36.215:8443, Timestamp:Tue Nov 27 12:39:06 AST 2018
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending secure renegotiation cipher suite
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending v3 client_hello message, requesting version 3.1…
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Received alert message: Alert Fatal: handshake failure
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Shutting down SSL layer…

    As per the logs, the request is not going out using TLS V1.2, and hence the same is failing.

    Please note: the same settings have been applied on the IS, and all non-virtualized outbound WS calls are working as expected.

    Looking forward to your responses for resolving the issue.

    Thanks & Regards,
    Anwit Daityari
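
As an added example (not part of the original post, and not IBM or webMethods code): the ssl_debug lines quoted above record the version each client_hello requested as a wire number, where 3.1 is TLS 1.0 and 3.3 is TLS 1.2, and the "Starting handshake" banner names the TLS library that made the connection. The Python below parses wrapper.log lines in that format and lists the handshakes that asked for less than TLS 1.2; the function names and the second handshake in the sample are constructed for illustration.

```python
import re

# Wire versions as logged ("requesting version 3.1") mapped to protocol names.
WIRE = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

# Constructed sample in the quoted wrapper.log format; handshake 2 is invented for contrast.
SAMPLE_LOG = """\
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Remote client:10.21.36.215:8443, Timestamp:Tue Nov 27 12:39:06 AST 2018
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Received alert message: Alert Fatal: handshake failure
INFO | jvm 3 | 2018/11/27 12:40:10 | ssl_debug(2): Starting handshake (iSaSiLk 3.03)...
INFO | jvm 3 | 2018/11/27 12:40:10 | ssl_debug(2): Remote client:192.0.2.10:443, Timestamp:Tue Nov 27 12:40:10 AST 2018
INFO | jvm 3 | 2018/11/27 12:40:10 | ssl_debug(2): Sending v3 client_hello message, requesting version 3.3...
"""

LINE = re.compile(r"\|\s*(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d)\s*\|\s*ssl_debug\((\d+)\):\s*(.*)$")
HELLO = re.compile(r"client_hello message, requesting version (\d+)\.(\d+)")

def parse_handshakes(text):
    """Group ssl_debug lines into one record per handshake, keyed by debug id."""
    records, current = [], {}
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue
        ts, sid, msg = m.groups()
        if msg.startswith("Starting handshake"):
            lib = re.search(r"\((.+?)\)", msg)
            current[sid] = {"started": ts, "library": lib[1] if lib else None,
                            "peer": None, "wire": None, "requested": None, "alert": None}
            records.append(current[sid])
            continue
        rec = current.get(sid)
        if rec is None:
            continue  # line belongs to a handshake whose start is not in the log
        hello = HELLO.search(msg)
        if msg.startswith("Remote client:"):
            rec["peer"] = msg[len("Remote client:"):].split(",")[0].strip()
        elif hello:
            rec["wire"] = (int(hello[1]), int(hello[2]))
            rec["requested"] = WIRE.get(rec["wire"], "unknown")
        elif msg.startswith("Received alert message:"):
            rec["alert"] = msg.split(":", 1)[1].strip()
    return records

def below_tls12(records):
    """Handshakes whose client_hello requested a version lower than TLS 1.2."""
    return [r for r in records if r["wire"] is not None and r["wire"] < (3, 3)]
```

Running `below_tls12(parse_handshakes(open("wrapper.log").read()))` against a real log gives, per handshake, the peer, the library from the banner, the requested protocol and any fatal alert that followed.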

