Access Gateway(SPS) is Firing the Proxy Rule but Showing SSL Error in Logs: Noodle Exception

book

Article ID: 207307

calendar_today

Updated On:

Products

SITEMINDER

Issue/Introduction

We have an issue with SPS where a proxy rule is being fired as per the logs but in the browser we see below error in the browser:

CA Access Gateway - Error Report

Error Details

Request URI

: /settings/consent

Error Type

: SPS Exception

Error Code

: Noodle_CouldNotConnectToBackEndServer

Error Message

: No connection to backend server due to lack of processing threads at SPS.

 

Error in the trace logs says: 

[12/23/2020][12:23:59][2604][3868][51023fac-477a03da-59228372-dce178a8-8cbc2b3e-b6][releaseConnection(): ][Released connection is not reusable.]
[12/23/2020][12:23:59][2604][3868][51023fac-477a03da-59228372-dce178a8-8cbc2b3e-b6][execute][]
[12/23/2020][12:23:59][2604][3868][51023fac-477a03da-59228372-dce178a8-8cbc2b3e-b6][Noodle::doGet][java.lang.NullPointerException    at com.ca.sso.smssl.socket.SMSSLSocketImpl.setupSSLContext(SMSSLSocketImpl.java:202)]
[12/23/2020][12:23:59][2604][3868][51023fac-477a03da-59228372-dce178a8-8cbc2b3e-b6][ErrorPageImpl::displayMessage][Custom Error Pages : Custom message is not an URL. If URL is specified then it might not be in proper format. Considering it as plain text message.]

Cause

An invalid protocol, TLSv1.3, was specified first in the 'versions' parameter in server.conf.

Environment

Release : 12.8.03

Component : SITEMINDER SECURE PROXY SERVER

Resolution

Problem only occurred when TLS 1.3 was specified first in the (protocol) version parameter in server.conf. Since TLS 1.3 is not currently a supported protocol, this is an invalid configuration and should be avoided.

Additional Information

Current 12.8x releases (through 12.8.5) of Access Gateway support TLS versions up to and including 1.2.