SSL version issue when calling broker securely from Java stub

leonard.solomyak · February 11, 2022, 3:48pm

What product/components do you use and which version/fix level?

EntireX 10.7

Are you using a free trial or a product with a customer license?

Licensed to customer

What are trying to achieve? Please describe in detail.

Call broker securely from Java stub

Do you get any error messages? Please provide a full error message screenshot and log file.

Good day,

We enabled the secure connection on the broker 107 and tested the connection from the Java app that was supplied with the entirex.jar from the broker installation.

The app was initially working via the insecure connection, but via the secure connection the call was terminated with the error

0013 0313

that is general network transfer error,
while on the broker side the following error was received:

“SSL_accept: 336130315 error:1408F10B:SSL routines:ssl3_get_record:wrong version number”

To our knowledge the app’ Java environment is using TLS1.2 , while we are still looking how to specify the encryption protocol version on the broker side, as I think it is set to SSL3 by default.

We are also looking how to refer to the broker certificate in the BROKERID transport level notation used in the app (as the documentation describes only URL notation to reference the certificate).

error_log.txt (172.8 KB)
ETB100.LOG (21.1 KB)
stub props

Christoph_Schauermann · February 15, 2022, 10:26am

Please check the ETB100 Broker Attribute file to see the Cipher-Suite setting: Broker Attributes (softwareag.com)
The BrokerID used in the Java client can be defined like that: Using the Broker ID in Applications (softwareag.com)

Please tell us the exact build numbers of the participants (Broker seems to be unpatched, Java client? → version number and environment information is shown at the very beginning of the error_log.txt).
Maybe it make sense to open a support ticket.

Best regards, Christoph

leonard.solomyak · February 15, 2022, 10:47am

Good day Christoph

Broker is unpatched, on he original Version 10.7.0.0 (the log is actually included into this topic in a first place)
Also, it was mentioned that Java client is using the entirex.jar from the broker

I cannot find in the documentation section you are referring to the pointer to the truststore for the transport method style broker id …

The customer has opened the support ticket.

Thank you for the response.

leonard.solomyak · March 3, 2022, 10:39am

Good day,

Specifying the restricted protocols to none in java.security and insuring the right cyphers on the server side resolved the issue.

Appreciate everyone’ input.
Leonard

system · June 1, 2022, 10:39am

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.