Switch from sslv3 to tls for outbound transactions

Hi

We are using webMethods 7.1.3 version at patch IS_7.1.3_Core_Fix12 on OS Windows Server 2008 R2 in production environment.
One of our partners has disabled SSLv3 because of the POODLE bug, so they have asked us to switch from SSLv3 to TLS for sending outbound messages. Presently we are using HTTPS for sending outbound messages to that partner.

Error description:
iaik.security.ssl.SSLException: Peer sent alert: Alert Fatal: handshake failure

We have already tried the following:

  1. watt.security.ssl.client.ignoreEmptyAuthoritiesList=true is already set.

  2. watt.net.ssl.client.handshake.maxVersion=tls
    watt.net.ssl.client.handshake.minVersion=sslv2

    watt.net.ssl.client.handshake.maxVersion=tls
    watt.net.ssl.client.handshake.minVersion=tls
    Both of these settings have already been tried and they give the same error.

  3. The enttoolkit.jar file is already present on the servers.

  4. watt.ssl.iaik.clientAllowUnboundRenegotiate=false
    watt.ssl.iaik.serverAllowUnboundRenegotiate=false
    These settings are still false.

Following are the ssl debug logs for different levels of handshake version:

SSL Debug logs when watt.net.ssl.client.handshake.minVersion=sslv2

ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Sending secure renegotiation cipher suite
ssl_debug(2): Sending v2 client_hello message, requesting version 3.1…
ssl_debug(2): Received alert message: Alert Fatal: handshake failure
ssl_debug(2): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(2): Shutting down SSL layer…


SSL Debug logs when watt.net.ssl.client.handshake.minVersion=tls

ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Sending secure renegotiation cipher suite
ssl_debug(2): Sending secure renegotiation cipher suite
ssl_debug(1): Sending secure renegotiation cipher suite
ssl_debug(3): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(2): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(3): Received alert message: Alert Fatal: handshake failure
ssl_debug(1): Received alert message: Alert Fatal: handshake failure
ssl_debug(2): Received alert message: Alert Fatal: handshake failure
ssl_debug(3): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(1): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(2): SSLException while handshaking: Peer sent alert: Alert Fatal: handshake failure
ssl_debug(3): Shutting down SSL layer…
ssl_debug(1): Shutting down SSL layer…
ssl_debug(2): Shutting down SSL layer…


The customer has already confirmed that there are no changes in certificates or IP/URLs.

Any information regarding this will be highly appreciated.

Thanks and Regards
Kunal Dey
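An added example, not part of the original post and not webMethods or iSaSiLk code: a small Python parser that separates the interleaved ssl_debug lines and reports, for each handshake, the hello format, the protocol version offered and the outcome. It assumes the number in ssl_debug(N) identifies one connection; the sample lines are constructed from the traces above, and the function and variable names are hypothetical.

```python
import re
from collections import defaultdict

# Protocol version numbers as they appear in the hello message.
WIRE_VERSIONS = {"2.0": "SSLv2", "3.0": "SSLv3", "3.1": "TLS 1.0",
                 "3.2": "TLS 1.1", "3.3": "TLS 1.2"}
LINE = re.compile(r"ssl_debug\((\d+)\): (.*)")
HELLO = re.compile(r"Sending (v\d) client_hello message, requesting version (\d\.\d)")

# Constructed samples: lines copied from the two traces in the post
# (second trace shortened to two of the three connections).
MIN_SSLV2 = """\
ssl_debug(2): Starting handshake (iSaSiLk 3.03)…
ssl_debug(2): Sending v2 client_hello message, requesting version 3.1…
ssl_debug(2): Received alert message: Alert Fatal: handshake failure
"""
MIN_TLS = """\
ssl_debug(1): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Starting handshake (iSaSiLk 3.03)…
ssl_debug(3): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(1): Sending v3 client_hello message, requesting version 3.1…
ssl_debug(3): Received alert message: Alert Fatal: handshake failure
ssl_debug(1): Received alert message: Alert Fatal: handshake failure
"""

def summarize(log):
    """Group ssl_debug lines by connection id (assumed meaning of N) and
    return {id: {"hello", "offered", "outcome"}} for each handshake."""
    conns = defaultdict(lambda: {"hello": None, "offered": None,
                                 "outcome": "incomplete"})
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ssl_debug line
        conn, msg = conns[int(m.group(1))], m.group(2)
        hello = HELLO.search(msg)
        if hello:
            conn["hello"] = hello.group(1)
            ver = hello.group(2)
            conn["offered"] = WIRE_VERSIONS.get(ver, "unknown " + ver)
        elif msg.startswith("Received alert message:"):
            conn["outcome"] = msg.split(": ", 1)[1]
    return dict(conns)

if __name__ == "__main__":
    for name, log in (("minVersion=sslv2", MIN_SSLV2), ("minVersion=tls", MIN_TLS)):
        for cid, info in sorted(summarize(log).items()):
            print(name, cid, info)
```

On these samples both settings offer version 3.1, which is TLS 1.0; the minVersion change only switches the hello format from v2 to v3, and the peer's alert is the same in each case.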

I have replied to it on your other thread… please check it.

Hi,

I’m having the same issue with IS 8.2
Can you please provide a link to the other thread?

Hi dmarkoski

Please refer to the following link: Switch from sslv3 to tls for outbound transactions - webMethods - Software AG Tech Community & Forums

Regards
Kunal Dey

Thanks Kunal for the helping hand.