Hi
We are using webMethods 7.1.3 version at patch IS_7.1.3_Core_Fix12 on OS Windows Server 2008 R2 in production environment.
One of our partners has disabled SSLV3 because of the poodle bug. So they have asked us to switch from SSLV3 to TLS for sending outbound messages. Presently we are using HTTPS for sending outbound messages to that partner.
Error description:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure
We have already tried the following:
-
watt.security.ssl.client.ignoreEmptyAuthoritiesList=true is already set.
-
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=sslv2
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=tls
Both these settings have already been tried and they are giving the same error.
-
enttoollkit.jar file is already present in the servers.
-
watt.ssl.iaik.clientAllowUnboundRenegotiate=false
watt.ssl.iaik.serverAllowUnboundRenegotiate=false
These settings are still false
Following are the ssl debug logs for different levels of handshake version:
SSL Debug logs when watt.net.ssl.client.handshake.minVersion=sslv2
ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Sending secure renegotiation cipher suite
ssl_debug(2): Sending v2 client_hello message, requesting version 3.1…
ssl_debug(2): Received alert message: Alert Fatal: handshake failure
ssl_debug(2): SSLException while handshaking: Peer sent alert: Alert Fatal: hand
shake failure
ssl_debug(2): Shutting down SSL layer…
SSL Debug los when watt.net.ssl.client.handshake.minVersion=tls
ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Sending secure renegotiation cipher suite
ssl_debug(2): Sending secure renegotiation cipher suite
ssl_debug(1): Sending secure renegotiation cipher suite
ssl_debug(3): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(2): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(3): Received alert message: Alert Fatal: handshake failure
ssl_debug(1): Received alert message: Alert Fatal: handshake failure
ssl_debug(2): Received alert message: Alert Fatal: handshake failure
ssl_debug(3): SSLException while handshaking: Peer sent alert: Alert Fatal: hand
shake failure
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal: hand
shake failure
ssl_debug(2): SSLException while handshaking: Peer sent alert: Alert Fatal: hand
shake failure
ssl_debug(3): Shutting down SSL layer…
ssl_debug(1): Shutting down SSL layer…
ssl_debug(2): Shutting down SSL layer…
The customer has already confirmed that there are no changes in certificates or IP/URLs.
Any information regarding this will be highly appreciated.
Thanks and Regards
Kunal Dey