Can't accessing API Gateway via Policy Manager after Java update
search cancel

Can't accessing API Gateway via Policy Manager after Java update


Article ID: 224960


Updated On:


CA API Gateway


There could be cases where older version of Gateway (as for example 9.0) are unable to be connected via Policy Manager post a Java upgrade.

Connection may fail with an handshake error like screenshot below:

Logs may show error like the following:

 WARNING: Handshake failure: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]


Caused by: java.lang.RuntimeException: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: FIPS186Random



Release : 9.0 and older

Component : API GATEWAY


The reason behind the failure, simply is because older versions of our product, out of the box, have enable only TLS 1.0 on port 8443 and 9443. This causes a conflict with newer version of Java clients, as Oracle did deprecated/disabled TLS 1.0 algorithm since is considered a non-secure TLS version.


Solution would require to configure the Java client to use deprecated TLS (please follow the vendor instruction for that) or temporarily use an older version of Java to gain access to Gateway via Policy Manager.

Once successfully connected, enabled TLS 1.1/1.2 on the desired port (e.g. 9443) via Task > Manage Listen Port > [PORT] >  SSL/TLS Settings