Have a keystore that is used with IAM, Enterprise Dashboard, Registry and Portal. All work with no errors.
Using the same keystore with VS Catalog and get " ERR_SSL_VERSION_OR_CIPHER_MISMATCH"
Turned on SSL debug by adding property -Djavax.net.debug=ssl to the vscatalog.vmoptions file to see the below error in the log file:
%% Initialized: [Session-36, SSL_NULL_WITH_NULL_NULL]
XNIO-2 task-36, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated: [Session-36, SSL_NULL_WITH_NULL_NULL]
XNIO-2 task-36, SEND TLSv1.2 ALERT: fatal, description = handshake_failure
XNIO-2 task-36, WRITE: TLSv1.2 Alert, length = 2
XNIO-2 I/O-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
XNIO-2 I/O-6, called closeInbound()
XNIO-2 I/O-6, fatal: engine already closed. Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
XNIO-2 I/O-6, called closeOutbound()
XNIO-2 I/O-6, closeOutboundInternal()
DevTest 10.6.0 and up
All supported platforms
Needed to disable some cipher suites
Commented out and added these properties in the VSCAT_HOME/jre/lib/security/java.security file: (around line 536 in the file)
# Commented out
#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768
# Added below 2 lines
jdk.certpath.disabledAlgorithms=TLSv1, SSLv3, DSA, DESede, DES, MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, RC4, MD5withRSA, DSA, DESede, DH keySize < 768, RSA keySize < 1024
After the change restart the VS Catalog.