Can't accessing API Gateway via Policy Manager after Java update
Article ID: 224960
Updated On:
Products
Issue/Introduction
There could be cases where older version of Gateway (as for example 9.0) are unable to be connected via Policy Manager post a Java upgrade.
Connection may fail with an handshake error like screenshot below:
Logs may show error like the following:
WARNING: Handshake failure: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]
or
Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: FIPS186Random
Environment
Release : 9.0 and older
Component : API GATEWAY
Cause
The reason behind the failure, simply is because older versions of our product, out of the box, have enable only TLS 1.0 on port 8443 and 9443. This causes a conflict with newer version of Java clients, as Oracle did deprecated/disabled TLS 1.0 algorithm since is considered a non-secure TLS version.
Resolution
Solution would require to configure the Java client to use deprecated TLS (please follow the vendor instruction for that) or temporarily use an older version of Java to gain access to Gateway via Policy Manager.
Once successfully connected, enabled TLS 1.1/1.2 on the desired port (e.g. 9443) via Task > Manage Listen Port > [PORT] > SSL/TLS Settings
,
Feedback
