Commodore

Certificates stop working after applying patch


Hi All,

I have a customer that is on 9.35.0012 RTE that has SSL/SSO implemented and working as expected. They recently updated to Patch 2. After the upgrade the SSL/SSO stopped working. With the help of Support I have learned that I needed to add "sslProtocols:SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2" to the ini and now SSL/SSO works as it did in 9.35.0012. I have not been able to find anything in the release notes as to why I need to add the sslProtocol. Can anyone explain to me why the change?


Accepted Solutions
Micro Focus Expert

The only way you would see this error "handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled" would be to turn on '-Djavax.net.debug=ssl' in the sm.ini and check the 'sm_<PID>stdouterr.log'. Without that parameter the error is more of the generic "Received fatal alert: handshake_failure".

Fleet Admiral

It was due to the POODLE Vulnerability.  Assuming you have access, here is the link to the knowledge article:

https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM01235509R

Admiral

Hello PSCSupport,

Tom is correct about the POODLE vulnerability.

Most of the time, when security issues are fixed, not all of them are explained in detail in the release notes, just to prevent malicious attacks on older versions.

Based on your post you were probably dealing with

javax.xml.soap.SOAPException: Message send failed - Received fatal alert: handshake_failure

handling exception: javax.net.ssl.SSLHandshakeException: SSLv2Hello is disabled

Cause
There is a conflict with the cipher suites being used. Usually this is due to the fact that the application server deploying the Webtier is using an older JRE while the Service Manager Server RTE is using JRE 8.x.

Hope this helps.

SM Support Engineer

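The behaviour discussed in the replies above, as an added Python example that is not from the thread or from the vendor: it tells an SSLv2-format ClientHello apart from a record-format one and models how a server's enabled-protocol list turns the former into "SSLv2Hello is disabled". The function names, the sample hello bytes and the list without SSLv2Hello are assumptions constructed for the illustration.

```python
import struct

# Wire versions (major, minor) -> JSSE protocol names, oldest first.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}
ORDER = list(VERSIONS.values())

def parse_ssl_protocols(ini_line):
    """Turn an 'sslProtocols:a,b,c' line into a set of enabled names."""
    key, _, value = ini_line.partition(":")
    if key.strip() != "sslProtocols":
        raise ValueError("not an sslProtocols line")
    return {p.strip() for p in value.split(",") if p.strip()}

def classify_client_hello(data):
    """Return (hello_format, highest_version_offered) for a connection's first bytes."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        # SSLv2-format hello: 2-byte length with high bit set, msg type 1, version.
        return "SSLv2Hello", VERSIONS.get((data[3], data[4]), "unknown")
    if len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # TLS record (type 22) carrying ClientHello; client_version at offset 9.
        return "TLSRecord", VERSIONS.get((data[9], data[10]), "unknown")
    return "unknown", "unknown"

def server_decision(enabled, data):
    """Simplified model of the server side: reject reason or negotiated protocol."""
    fmt, offered = classify_client_hello(data)
    if offered == "unknown":
        return "handshake_failure: unparsable hello"
    if fmt == "SSLv2Hello" and "SSLv2Hello" not in enabled:
        return "SSLv2Hello is disabled"
    usable = [v for v in ORDER[:ORDER.index(offered) + 1] if v in enabled]
    return usable[-1] if usable else "handshake_failure: no common protocol"

def v2_hello(major, minor):
    """Constructed SSLv2-format ClientHello offering one cipher spec."""
    body = bytes([1, major, minor]) + struct.pack(">HHH", 3, 0, 16) + b"\x00\x00\x2f" + bytes(16)
    return struct.pack(">H", 0x8000 | len(body)) + body

def tls_hello(major, minor):
    """Constructed record-format ClientHello offering one cipher suite."""
    body = bytes([major, minor]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(hs)) + hs

FROM_THREAD = parse_ssl_protocols("sslProtocols:SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2")
ASSUMED_DEFAULT = {"TLSv1", "TLSv1.1", "TLSv1.2"}  # assumption: list without SSLv2Hello

if __name__ == "__main__":
    for name, enabled in (("assumed default", ASSUMED_DEFAULT), ("thread setting", FROM_THREAD)):
        for label, hello in (("v2-format/TLSv1", v2_hello(3, 1)), ("record/TLSv1.2", tls_hello(3, 3))):
            print(f"{name:16} {label:16} -> {server_decision(enabled, hello)}")
```

Listing SSLv2Hello only accepts the older hello framing; SSLv3 is not in the list from the thread, so a hello that offers nothing above SSLv3 is still refused.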
Commodore

Thanks everyone
