Activating SSL on DUAS fails with: Update is unable to connect to UVMS: 200

Article ID: 217764

Products

CA Automic Dollar Universe

Issue/Introduction

When activating SSL on a DUAS node, the command fails:

>unissl SET -enable on -msport 4443

Enabling SSL mode for the node.
Error updating information with UVMS.
SSL configuration unchanged (off)

The log contains the following line:

| 2021-05-27 12:16:19 |ERROR|X|ssl|pid=1868.1976| o_update_uvms_specif | Update is unable to connect to UVMS: 200

When the log level is set to 3, the following error is displayed in universe.log:

| 2021-06-17 18:09:25 |ERROR|X|ssl|pid=16476.16400| o_connect_ssl             | ssl session connect error, SSL connect error, error:1411809D:SSL routines:SSL_CHECK_SERVERHELLO_TLSEXT:tls invalid ecpointformat list

Environment

Release : 6.10

Component : DOLLAR UNIVERSE

Cause

This is a bug in the implementation of SSL in DUAS which causes a problem when connecting to UVMS.

Resolution

There are 2 possible solutions:

  1. Update the file <java>\conf\security\java.security in the Java folder that is used by UVMS
    • To disable all EC algorithms, replace

      #jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
      #    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
      #    include jdk.disabled.namedCurves

      with

      jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
          DH keySize < 1024, EC, 3DES_EDE_CBC, anon, NULL, \
          include jdk.disabled.namedCurves

    • To support the TLSv1/TLSv1.1 protocols, remove TLSv1 and TLSv1.1 from the jdk.tls.disabledAlgorithms list and add them to the jdk.tls.legacyAlgorithms list
  2. Downgrade the Java version that UVMS is using to Java 1.8.0_111
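
To check which TLS policy the Java used by UVMS will apply after the edit in solution 1, the added example below (not part of the original article and not vendor code) parses java.security text and reports whether EC is fully disabled and whether TLSv1/TLSv1.1 are still listed in jdk.tls.disabledAlgorithms. The function names and the third sample are assumptions made for illustration, and only key=value lines with backslash continuations are handled.

```python
def effective_property(text, key):
    """Last active (uncommented) value of `key`, joining backslash-continued lines."""
    value = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#!":       # blank or comment: not in effect
            continue
        while line.endswith("\\"):            # continuation onto the next line
            line = line[:-1] + next(lines, "").strip()
        name, sep, val = line.partition("=")
        if sep and name.strip() == key:
            value = val.strip()
    return value

def audit(text):
    """Report how the active jdk.tls.disabledAlgorithms treats EC and TLSv1/TLSv1.1."""
    disabled = effective_property(text, "jdk.tls.disabledAlgorithms")
    entries = [e.strip() for e in (disabled or "").split(",") if e.strip()]
    return {
        "active": disabled is not None,
        # Bare "EC" disables every EC algorithm; "EC keySize < 224" only restricts key size.
        "ec_fully_disabled": "EC" in entries,
        "ec_constraints": [e for e in entries if e.startswith("EC ")],
        "legacy_protocols_disabled": [p for p in ("TLSv1", "TLSv1.1") if p in entries],
    }

# The two snippets from the article, plus one constructed sample for comparison.
BEFORE = r"""
#jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
#    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL, \
#    include jdk.disabled.namedCurves
"""
AFTER = r"""
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC, 3DES_EDE_CBC, anon, NULL, \
    include jdk.disabled.namedCurves
"""
CONSTRUCTED = r"""
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, \
    DH keySize < 1024, EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER), ("constructed", CONSTRUCTED)):
        print(label, audit(text))
```

Run it against the contents of the java.security file that UVMS actually loads; a commented-out line is reported as inactive, which is why the leading # must be removed as the article's replacement shows.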