Now, as per the above configuration, it can support sslv2, sslv3 and tls1 (let me know if that is not correct). But if I try to connect to this IS from openssl, it does not work for tls1.
I have issued the below command in openssl
s_client -connect : -tls1
Output :
Loading ‘screen’ into random state - done
CONNECTED(00000184)
6748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:340:
However, it works fine if I use -ssl3.
I have also tried increasing the ssl log level and found the below error in the ssl log:
ssl_debug(85): Starting handshake (iSaSiLk 3.03)…
ssl_debug(85): Received v3 client_hello handshake message.
ssl_debug(85): Exception while handshaking:
ssl_debug(85): java.lang.ArrayIndexOutOfBoundsException: 1
ssl_debug(85): at iaik.security.ssl.bb.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.cb.a(Unknown Source)
ssl_debug(85): at iaik.security.ssl.cb.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.a(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.h.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.h.d(Unknown Source)
ssl_debug(85): at iaik.security.ssl.e.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
ssl_debug(85): at com.wm.app.b2b.server.ProtocolState.initSocket(ProtocolState.java:168)
ssl_debug(85): at com.wm.app.b2b.server.HTTPDispatch.getState(HTTPDispatch.java:214)
ssl_debug(85): at com.wm.app.b2b.server.Dispatch.run(Dispatch.java:293)
ssl_debug(85): at com.wm.util.pool.PooledThread.run(PooledThread.java:131)
ssl_debug(85): at java.lang.Thread.run(Unknown Source)
ssl_debug(85): Sending alert: Alert Fatal: handshake failure
ssl_debug(85): Shutting down SSL layer…
Please let me know what I am missing.
P.S. I have already tested the same thing with most of the OpenSSL versions, so it is not an OpenSSL issue.
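Added example (not part of the original posts, and not webMethods or IAIK code): a small Python triage of ssl_debug output like the log above, separating handshakes the server aborted on an internal exception from handshakes that only ended in an alert. The lines for connection 85 are shortened from the post; connection 86 and the function name summarize are constructed for illustration.

```python
import re

# Constructed sample: connection 85 is shortened from the post, 86 is invented.
SAMPLE_LOG = """\
ssl_debug(85): Starting handshake (iSaSiLk 3.03)...
ssl_debug(85): Received v3 client_hello handshake message.
ssl_debug(85): Exception while handshaking:
ssl_debug(85): java.lang.ArrayIndexOutOfBoundsException: 1
ssl_debug(85): at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
ssl_debug(85): at com.wm.app.b2b.server.ProtocolState.initSocket(ProtocolState.java:168)
ssl_debug(85): Sending alert: Alert Fatal: handshake failure
ssl_debug(85): Shutting down SSL layer...
ssl_debug(86): Starting handshake (iSaSiLk 3.03)...
ssl_debug(86): Received v3 client_hello handshake message.
ssl_debug(86): Sending alert: Alert Fatal: handshake failure
"""

LINE = re.compile(r"^ssl_debug\((\d+)\):\s*(.*)$")
HELLO = re.compile(r"^Received (\S+) client_hello")
EXC = re.compile(r"^((?:[a-z_]\w*\.)+[A-Z]\w*(?:Exception|Error))(?::\s*.*)?$")
ALERT = re.compile(r"^Sending alert: Alert (\w+): (.+)$")

def summarize(log_text):
    """Group ssl_debug lines by connection id and classify each handshake."""
    conns = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ssl_debug line
        cid, msg = int(m.group(1)), m.group(2)
        c = conns.setdefault(cid, {"hello": None, "exception": None,
                                   "frames": [], "alert": None})
        if (h := HELLO.match(msg)):
            c["hello"] = h.group(1)
        elif (e := EXC.match(msg)) and c["exception"] is None:
            c["exception"] = e.group(1)
        elif msg.startswith("at "):
            c["frames"].append(msg[3:])
        elif (a := ALERT.match(msg)):
            c["alert"] = (a.group(1), a.group(2))
    for c in conns.values():
        # First stack frame outside the TLS library: where the server called in.
        c["caller"] = next((f for f in c["frames"] if not f.startswith("iaik.")), None)
        if c["exception"] and c["alert"]:
            c["verdict"] = "server-side exception during handshake"
        elif c["alert"]:
            c["verdict"] = "alert without exception"
        else:
            c["verdict"] = "no failure logged"
    return conns
```

A handshake_failure alert preceded by a Java exception, as on connection 85, points at a fault inside the server's TLS stack rather than a deliberate protocol refusal, which is why the thread turns to vendor fixes.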
Please check if you have an IS Core Fix applied that covers PIE-34054, which handles the sslv3 POODLE issue. – IS_8.2_SP2_Core_Fix7
Can you provide us the output of “openssl version”? – I have tried with the below openssl versions
openssl-1.0.1c
openssl-1.0.1e
openssl-1.0.1e
openssl-1.0.1g
openssl-1.0.1h
Please check if you have SCG_8.2_SP2_Entrust_Fix4 applied to your IS.
If not, please apply it.
Most likely you are hitting the following issue (extracted from Readme of the mentioned Fix):
PIE-33369
Integration Server fails during TLSv1.0 SSL handshake.
Integration Server does not accept TLSv1.0 connections which forced
the clients to use SSLv3.0.
This issue is resolved.
As long as you do not have an extended maintenance agreement for 8.2 in place, you might not get any support for 8.2.
This might be the reason that you cannot see the fix.
Unfortunately, we don’t have any extended agreement for 8.2.
Also, I am not sure what is wrong, because Fix4 is not available to install in SUM, but when I click on “Available Fixes” in SUM I can see Fix4 in the list.
Anyway, I appreciate the help which you have provided… I will look for another way (if there is any).