Error while trying to enable TLS V1.2 support for mediator - Handshake failure

    Posted Tue November 27, 2018 06:52 AM

    Hi,
    We are trying to enable TLS V1.2 support for a single virtualized outbound webservice. In order to achieve this, the changes below have been made on the mediator IS.

    Properties added under the extended settings
    watt.net.jsse.client.enabledCipherSuiteList=default
    watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
    watt.net.jsse.server.enabledCipherSuiteList=default
    watt.net.jsse.server.enabledProtocols=SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2
    watt.net.ssl.client.cipherSuiteList=default
    watt.net.ssl.client.handshake.maxVersion=tls
    watt.net.ssl.client.handshake.minVersion=tls
    watt.net.ssl.client.hostnameverification=false
    watt.net.ssl.client.strongcipheronly=true
    watt.net.ssl.server.cipherSuiteList=default
    watt.net.ssl.server.clientHandshakeTimeout=20000
    watt.net.ssl.server.handshake.maxVersion=tls
    watt.net.ssl.server.handshake.minVersion=tls
    watt.net.ssl.server.strongcipheronly=false

    Fix level of the server - IS_9.7_Core_Fix19

    Code - While invoking the connector service, the useJSSE property is set to “yes”

    Below is the error logged in the wrapper.log file, once we execute the transaction.
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Remote client:10.21.36.215:8443, Timestamp:Tue Nov 27 12:39:06 AST 2018
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending secure renegotiation cipher suite
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending v3 client_hello message, requesting version 3.1…
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Received alert message: Alert Fatal: handshake failure
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
    INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Shutting down SSL layer…

    As per the logs, the request is not going out using TLS V1.2, and hence it is failing.

    Please note: the same settings have been made on the IS, and all non-virtualized outbound WS calls are working as expected.

    Looking forward to your responses for resolving the issue.

    Thanks & Regards,
    Anwit Daityari
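
An added example, not part of the original post: a Python log check that reads `ssl_debug` lines in the wrapper.log format quoted above and reports, per handshake, the library named in the banner, the peer, the protocol version the ClientHello requested (wire version 3.1 is TLS 1.0; TLS 1.2 is 3.3) and any alert received. The function and field names are hypothetical, the sample log is a constructed copy of lines from the post, and treating the number in `ssl_debug(N)` as a per-connection id is an assumption.

```python
import re

# ClientHello wire versions (major.minor), lowest to highest, with protocol names.
WIRE_VERSIONS = {"3.0": "SSLv3", "3.1": "TLSv1", "3.2": "TLSv1.1", "3.3": "TLSv1.2"}
ORDER = list(WIRE_VERSIONS.values())

# Constructed sample: a copy of the wrapper.log lines quoted in the post.
SAMPLE_LOG = """\
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Starting handshake (iSaSiLk 3.03)...
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Remote client:10.21.36.215:8443, Timestamp:Tue Nov 27 12:39:06 AST 2018
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Sending v3 client_hello message, requesting version 3.1...
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Received alert message: Alert Fatal: handshake failure
INFO | jvm 3 | 2018/11/27 12:39:06 | ssl_debug(1): Shutting down SSL layer...
"""

START = re.compile(r"ssl_debug\((\d+)\): Starting handshake \((.+?)\)")
PEER = re.compile(r"ssl_debug\((\d+)\): Remote client:(\S+?),")
HELLO = re.compile(r"ssl_debug\((\d+)\): Sending v\d client_hello message, requesting version (\d\.\d)")
ALERT = re.compile(r"ssl_debug\((\d+)\): Received alert message: Alert (\w+): (.+)")


def summarize_handshakes(log_text, required="TLSv1.2"):
    """Return one dict per handshake: stack, peer, offered version, alert."""
    sessions, by_id = [], {}
    for line in log_text.splitlines():
        if m := START.search(line):
            # Assumption: the number in ssl_debug(N) identifies one connection.
            rec = {"stack": m.group(2), "peer": None, "offered": None, "alert": None}
            by_id[m.group(1)] = rec
            sessions.append(rec)
        elif (m := PEER.search(line)) and m.group(1) in by_id:
            by_id[m.group(1)]["peer"] = m.group(2)
        elif (m := HELLO.search(line)) and m.group(1) in by_id:
            by_id[m.group(1)]["offered"] = WIRE_VERSIONS.get(m.group(2), m.group(2))
        elif (m := ALERT.search(line)) and m.group(1) in by_id:
            by_id[m.group(1)]["alert"] = m.group(3).strip()
    for rec in sessions:
        # The ClientHello version is the highest version the client offers.
        rec["meets_required"] = (rec["offered"] in ORDER
                                 and ORDER.index(rec["offered"]) >= ORDER.index(required))
    return sessions


if __name__ == "__main__":
    for rec in summarize_handshakes(SAMPLE_LOG):
        print(rec)
```
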

