Activating SSL on DUAS fails with: Update is unable to connect to UVMS: 200
search cancel

Activating SSL on DUAS fails with: Update is unable to connect to UVMS: 200


Article ID: 217764


Updated On:


CA Automic Dollar Universe


When activating SSL on DUAS node, the command fails :

>unissl SET -enable on -msport 4443

Enabling SSL mode for the node.
Error updating information with UVMS.
SSL configuration unchanged (off)

The log contains the following line :

| 2021-05-27 12:16:19 |ERROR|X|ssl|pid=1868.1976| o_update_uvms_specif | Update is unable to connect to UVMS: 200

When setting the log level to 3 the following error is displayed in universe.log:

| 2021-06-17 18:09:25 |ERROR|X|ssl|pid=16476.16400| o_connect_ssl             | ssl session connect error, SSL connect error, error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list


Release : 6.10



This is a bug in the implementation of SSL in DUAS which causes a problem when connecting to UVMS.


There are 2 possible solutions:

  1. Update the file <java>\conf\security\ in the Java folder that is used by UVMS
    • To disable all EC algorithms, replace

      #jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
      #    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      #    include jdk.disabled.namedCurves


      jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
          DH keySize < 1024, EC, 3DES_EDE_CBC, anon, NULL, \
          include jdk.disabled.namedCurves

    • To support TLSv1/TLSv1.1 protocols, remove TLSv1 and TLSv1.1 from the jdk.tls.disabledAlgorithms list and add them to the jdk.tls.legacyAlgorithms
  2. Downgrade the Java version that UVMS is using to Java 1.8.0_111