I have webMethods 8.2 Integration server in which i have below configuration:
Now as per above configuration it can support sslv2,sslv3 and tls1 (let me know if it is not correct). But if i am trying to connect this IS from openssl then it is not working for tls1.
I have issued below command in opnessl
s_client -connect : -tls1
Loading ‘screen’ into random state - done
6748:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:.\ssl\s3_pkt.c:340:
However it is working fine if i use -ssl3.
I have also tried to increase the ssl log and find out below error in ssl log:
ssl_debug(85): Starting handshake (iSaSiLk 3.03)…
ssl_debug(85): Received v3 client_hello handshake message.
ssl_debug(85): Exception while handshaking:
ssl_debug(85): java.lang.ArrayIndexOutOfBoundsException: 1
ssl_debug(85): at iaik.security.ssl.bb.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.cb.a(Unknown Source)
ssl_debug(85): at iaik.security.ssl.cb.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.a(Unknown Source)
ssl_debug(85): at iaik.security.ssl.p.(Unknown Source)
ssl_debug(85): at iaik.security.ssl.h.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.h.d(Unknown Source)
ssl_debug(85): at iaik.security.ssl.e.c(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLTransport.startHandshake(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLTransport.getInputStream(Unknown Source)
ssl_debug(85): at iaik.security.ssl.SSLSocket.getInputStream(Unknown Source)
ssl_debug(85): at com.wm.app.b2b.server.ProtocolState.initSocket(ProtocolState.java:168)
ssl_debug(85): at com.wm.app.b2b.server.HTTPDispatch.getState(HTTPDispatch.java:214)
ssl_debug(85): at com.wm.app.b2b.server.Dispatch.run(Dispatch.java:293)
ssl_debug(85): at com.wm.util.pool.PooledThread.run(PooledThread.java:131)
ssl_debug(85): at java.lang.Thread.run(Unknown Source)
ssl_debug(85): Sending alert: Alert Fatal: handshake failure
ssl_debug(85): Shutting down SSL layer…
Please let me know what i am missing.
P.S. i have already tested same thing from most of the OpenSSL version so it is not OpenSSL issue.
Thanks in Advance
what is your exact IS version number?
What is your java version?
Are there any fixes applied to the IS?
Please check if you have an IS Core Fix applied that covers PIE-34054, which handles sslv3 POODLE issue.
Can you provide us the output of “openssl version”?
test with a browser (chrome), it will normally choose the highest version of TLS/SSL, so you can verify that TLS 1.0 is being use and working.
It’s very likely an incompatible issue between openssl and IS.
Please find the below answers:
what is your exact IS version number? – 18.104.22.168
What is your java version? – 1.6.0_27 (50.0)
Are there any fixes applied to the IS? – Yes
Please check if you have an IS Core Fix applied that covers PIE-34054, which handles sslv3 POODLE issue. – IS_8.2_SP2_Core_Fix7
Can you provide us the output of “openssl version”? – I have tried with below openssl version
please check if you have SCG_8.2_SP2_Entrust_Fix4 applied to your IS.
If not, please apply it.
Most likely you are hitting the following issue (extracted from Readme of the mentioned Fix):
Integration Server fails during TLSv1.0 SSL handshake.
Integration Server does not accept TLSv1.0 connections which forced
the clients to use SSLv3.0.
This issue is resolved.
I can see only below fix in the list.
Will it resolve the issue ?
do you mean the list of installed Fixes from SUM?
Unfortunately the issue is resolved with SCG_8.2_SP2_Entrust_Fix4, but not with SCG_8.2_SP2_Entrust_Fix3.
As 8.2 is in EOM-state it might be worth considering an upgrade to one of the recent wM 9.x versions.
I mean the list of fixes from empower which i can install.
Also we have already moved to webMethods 9.10 version but some interface are still running on 8.2 version and we want to fix this issue in 8.2 only.
than this is bad luck.
As long as you do not have an extended maintenance agreement for 8.2 in place you might not get any support for 8.2.
Due to this fact this might be the reason that you cannot see the fix.
Link to the fix in Empower:
Unfortunately we don’t have any extended agreement for 8.2.
Also i am not sure what is wrong because Fix4 is not available to install in SUM but when i click on “Available Fixes” in SUM then i can see the Fix4 in the list.
Anyway i appreciate the help which you have provided… will see another way(if there is any)
can you share the screenshot of your fix list from SUM?
When you say that you can see the Fix in the list of available Fixes, can you try to select it and apply it to your installation?