Outbound Invoices failing in UAT environment

David_Krivohlavy · December 10, 2019, 4:32am

Hi,

I’ve inherited this existing wM Installation and am not completely sure of many processes happening in it.

We have a current issue in our UAT environment message as follows:
“Task m105ro00dr23ue8i000000t6 failed at Dec 2, 2019 2:35:08 PM: Probable reason for failure - Delivery service for m105ro00dr23ue8i000000t6 failed with a status of fail and status message of com.wm.app.b2b.server.ServiceException: javax.net.ssl.SSLHandshakeException: Server chose TLSv1, but that protocol version is not enabled or not supported by the client…”

Client is on TLSv1, but our UAT Environment is sending out on TSLv1.2. How do I change the protocol of the invoices that we send out ??

Cheers,
David

Mike_Ng · December 10, 2019, 6:50am

Hi,

https://techcommunity.softwareag.com/pwiki/-/wiki/Main/Debugging%20TLS%20or%20SSL%20connections%20in%20Integration%20Server

David_Krivohlavy · December 10, 2019, 7:52am

Thanks Mike,

Much appreciated

David_Krivohlavy · December 11, 2019, 1:27am

Hi,

I changed the extended settings to the following, but, I am still getting the same exception

Extended Settings
Key=Value
watt.debug.level=Info
watt.net.jsse.client.enabledCipherSuiteList=default
watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.server.enabledCipherSuiteList=default
watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.ssl.client.cipherSuiteList=default
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=tls
watt.net.ssl.client.hostnameverification=false
watt.net.ssl.client.strongcipheronly=false
watt.net.ssl.server.cipherSuiteList=default
watt.net.ssl.server.clientHandshakeTimeout=20000
watt.net.ssl.server.handshake.maxVersion=tls
watt.net.ssl.server.handshake.minVersion=tls

Can anyone help please ??

Mike_Ng · December 11, 2019, 4:45am

Hi David,

Since you’ve already tried so, maybe it’s a good idea to raise support incident to the SAG Global Support team in your region to get their assistance.

Holger_von_Thomsen · December 11, 2019, 7:03pm

Hi David,

please provide your wM version with Fix Level.

Provide the current value for watt.net.useJSSE as TLS v1.1 and TLS v1.2 are only available when running on Java 7 and newer and have useJSSE set to true.

Check in Empower for KB article related to POODLE to see if your wM version can handle this and which Fixes are required for that.

During TLS Handschake the server and the client should start with TLS v1.2, and if this does not succeed, then going down to TLS v1.1 and finally TLS v1.0.
Looks like the Server is not accepting the TLS v1.0 any longer when you are the client or vice versa.

Additionally you should set strongCipherOnly to true for more security.

Regards,
Holger

David_Krivohlavy5 · December 11, 2019, 9:29pm

Hi Holger,

Version & Fix Level:
Version 9.6.0.0
Updates IS_9.6_Core_Fix7
Build Number 294
SSL Strong (128-bit)

watt.net.useJSSE is not listed in our Extended Settings. Is this something that can be manually added to the config.file ??