CA PPM 15.5.1 with SSL Problems

book

Article ID: 125229

calendar_today

Updated On:

Products

CLARITY PPM FOR ITG CLARITY PPM FEDERAL Clarity PPM SaaS - Application Clarity PPM On Premise

Issue/Introduction

After Upgrading to CA PPM 15.5.1 you will notice Processes which perform XOG operations fail. The BG-CA.log & process logs show the below error. 

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: 
    extension (10) should not be presented in server_hello 
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) 
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255) 
    at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:71) 

Cause

This is a known Java Bug. For more Information: See JDK Bug System

Environment

CA PPM Release 15.5.1

Resolution

1. Upgrade your Java to Oracle JDK 11.0.2 from the Java Downloads 
2. Add -Djdk.tls.client.protocols=TLSv1.2 parameter to APP & BG JVM parameters in CSA and  Restart the services.

Additional Information

Note: 

1. You will encounter this problem only when you generate your SSL certificate using TLSv1.3. 
2. Ensure to get your SSL certificate generated using TLSv1.2 as CA PPM supports only TLSv1.2 with 15.5.1
3. The Resolution point 2 is applicable if you company still want to use certificate generated by TLSv1.3