After upgrading the API Gateway from 9.3 to 9.4, outbound HTTPS connections fail with the error:
Error msg: Unable to obtain HTTP response from <https URL>: Remote host closed connection during handshake. Caused by: SSL peer shut down incorrectly.
When the handshake is tested with the curl command,
curl -kv <https URL>
the connection succeeds, but it uses a 3DES cipher.
Release : 9.4
Component : API GTW ENTERPRISE MANAGER
Starting with gateway 9.4, the 3DES cipher suites listed below are removed, following the JDK upgrade:
https://www.oracle.com/technetwork/java/javase/8u171-relnotes-4308888.html#JDK-8175075
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_RSA_WITH_3DES_EDE_CBC_SHA
TLS_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
For security reasons, the gateway will not provide any configuration to re-enable them.
Upgrade or configure the remote host (backend server) to disable the 3DES cipher suites and support stronger cipher suites.
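To confirm the diagnosis and then verify the backend after it has been reconfigured, the following added example (not part of the original article or the gateway product) reads the negotiated cipher out of `curl -kv` output and performs a handshake that offers no 3DES suites. It uses Python's OpenSSL-based `ssl` module rather than the gateway's Java TLS stack, so it approximates the gateway's behaviour; the host name and the sample curl line are constructed.

```python
import re
import socket
import ssl

# OpenSSL spellings (as printed by curl -v) of the six removed suites.
# EDH-RSA-DES-CBC3-SHA is the older OpenSSL name for DHE-RSA-DES-CBC3-SHA.
OPENSSL_3DES = {
    "ECDHE-RSA-DES-CBC3-SHA", "ECDHE-ECDSA-DES-CBC3-SHA",
    "DHE-RSA-DES-CBC3-SHA", "EDH-RSA-DES-CBC3-SHA",
    "ECDH-RSA-DES-CBC3-SHA", "ECDH-ECDSA-DES-CBC3-SHA", "DES-CBC3-SHA",
}

def is_3des(cipher):
    """True for a JSSE (..._3DES_EDE_CBC_SHA) or OpenSSL (...DES-CBC3-SHA) name."""
    return "_3DES_EDE_CBC_" in cipher or cipher in OPENSSL_3DES

def cipher_from_curl(verbose_output):
    """Return the cipher named in curl -v's 'SSL connection using' line, or None."""
    m = re.search(r"SSL connection using (?:\S+ / )?(\S+)", verbose_output)
    return m.group(1) if m else None

def probe_without_3des(host, port=443, timeout=10):
    """Offer the backend no 3DES suites; return the negotiated cipher, or
    None if the handshake is refused (what gateway 9.4 would run into)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False        # like curl -k: only the cipher
    ctx.verify_mode = ssl.CERT_NONE   # negotiation is under test
    ctx.set_ciphers("DEFAULT:!3DES")
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.cipher()[0]
    except (ssl.SSLError, ConnectionResetError):
        return None

if __name__ == "__main__":
    # Constructed curl -kv excerpt for a backend that still negotiates 3DES.
    sample = "* SSL connection using TLSv1.2 / DES-CBC3-SHA\n"
    cipher = cipher_from_curl(sample)
    print(cipher, "-> 3DES, removed in gateway 9.4" if is_3des(cipher) else "-> ok")
    # After reconfiguring the backend (hypothetical host name):
    # print(probe_without_3des("backend.example.com"))
```

A `None` from `probe_without_3des` can also result from a TLS protocol-version mismatch with the local OpenSSL defaults, so check the backend's enabled protocol versions as well as its cipher list.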