Getting error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH" from VS Catalog (VSC)

Article ID: 215876

Updated On:

Products

Service Virtualization

Issue/Introduction

A keystore is used with IAM, Enterprise Dashboard, Registry and Portal. All of them work with no errors.

Using the same keystore with VS Catalog results in the browser error "ERR_SSL_VERSION_OR_CIPHER_MISMATCH".

After SSL debugging was turned on by adding the property -Djavax.net.debug=ssl to the vscatalog.vmoptions file, the log file showed the following error:

%% Initialized:  [Session-36, SSL_NULL_WITH_NULL_NULL]
XNIO-2 task-36, fatal error: 40: no cipher suites in common
javax.net.ssl.SSLHandshakeException: no cipher suites in common
%% Invalidated:  [Session-36, SSL_NULL_WITH_NULL_NULL]
XNIO-2 task-36, SEND TLSv1.2 ALERT:  fatal, description = handshake_failure
XNIO-2 task-36, WRITE: TLSv1.2 Alert, length = 2
XNIO-2 I/O-6, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLHandshakeException: no cipher suites in common
XNIO-2 I/O-6, called closeInbound()
XNIO-2 I/O-6, fatal: engine already closed.  Rethrowing javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
XNIO-2 I/O-6, called closeOutbound()
XNIO-2 I/O-6, closeOutboundInternal()

Environment

DevTest 10.6.0 and up

All supported platforms

Cause

Some cipher suites needed to be disabled.

Resolution

In the VSCAT_HOME/jre/lib/security/java.security file (around line 536), comment out the existing jdk.tls.disabledAlgorithms property and add the two properties shown below:

# Commented out 
#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

# Added below 2 lines
jdk.certpath.disabledAlgorithms=TLSv1, SSLv3, DSA, DESede, DES, MD2, MD5, RSA keySize < 1024 
jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, RC4, MD5withRSA, DSA, DESede, DH keySize < 768, RSA keySize < 1024

After the change, restart VS Catalog.
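
To confirm which values the JVM will actually read after the edit, the following added example (not part of the original article or the product) parses java.security text the way a properties file is read: comments are skipped, backslash continuations are joined, and a later definition of a key overrides an earlier one. The sample text is constructed from the lines above, the helper names are hypothetical, and the parser is a simplified assumption that splits only on "=".

```python
# Added example: simplified java.security reader (handles '#'/'!' comments,
# backslash continuations, and "last definition wins"); not vendor code.

# Constructed sample mirroring the edit above, with one value wrapped using a
# backslash continuation, which a properties file allows.
SAMPLE = """\
# Commented out
#jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768

# Added below 2 lines
jdk.certpath.disabledAlgorithms=TLSv1, SSLv3, DSA, DESede, DES, MD2, MD5, RSA keySize < 1024
jdk.tls.disabledAlgorithms=TLSv1, MD5, SSLv3, RC4, MD5withRSA, DSA, DESede, \\
    DH keySize < 768, RSA keySize < 1024
"""

def load_properties(text):
    """Return (props, history); history maps key -> [(line number, value), ...]."""
    props, history, logical, start = {}, {}, "", 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.lstrip()
        if not logical:
            if not line or line[0] in "#!":
                continue              # blank line or comment between entries
            start = lineno
        backslashes = len(line) - len(line.rstrip("\\"))
        if backslashes % 2 == 1:      # odd trailing backslashes: value continues
            logical += line[:-1]
            continue
        key, _, value = (logical + line).partition("=")
        logical = ""
        props[key.strip()] = value.strip()   # a later definition overrides
        history.setdefault(key.strip(), []).append((start, value.strip()))
    return props, history

def disabled(props, key):
    """Split a disabledAlgorithms value into its individual constraints."""
    return [c.strip() for c in props.get(key, "").split(",") if c.strip()]

def redefined(history):
    """Keys set more than once; only the last occurrence takes effect."""
    return sorted(k for k, v in history.items() if len(v) > 1)

def newly_disabled(old_value, props, key):
    """Constraints present now that the previous value did not have."""
    old = {c.strip() for c in old_value.split(",")}
    return [c for c in disabled(props, key) if c not in old]

if __name__ == "__main__":
    props, history = load_properties(SAMPLE)
    for key in ("jdk.tls.disabledAlgorithms", "jdk.certpath.disabledAlgorithms"):
        print(key, "->", disabled(props, key))
    print("redefined:", redefined(history))
    print("added vs. old TLS value:", newly_disabled(
        "SSLv3, RC4, MD5withRSA, DH keySize < 768", props, "jdk.tls.disabledAlgorithms"))
```

To check a real installation, pass the contents of VSCAT_HOME/jre/lib/security/java.security to load_properties instead of SAMPLE; a non-empty redefined() result means an earlier copy of the property is still active in the file and is being overridden.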