Can't access API Gateway via Policy Manager after Java update

Article ID: 224960

Updated On:

Products

CA API Gateway

Issue/Introduction

In some cases, older versions of the Gateway (for example 9.0) cannot be reached via Policy Manager after a Java upgrade.

The connection may fail with a handshake error like the one in the screenshot below:

Logs may show errors like the following:

 WARNING: Handshake failure: The server selected protocol version TLS10 is not accepted by client preferences [TLS12]

or

Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: FIPS186Random

 

Cause

The failure occurs because older versions of our product, out of the box, enable only TLS 1.0 on ports 8443 and 9443. This conflicts with newer Java clients, because Oracle deprecated/disabled TLS 1.0, which is considered a non-secure TLS version.

Environment

Release : 9.0 and older

Component : API GATEWAY

Resolution

The solution is to configure the Java client to use the deprecated TLS version (please follow the vendor's instructions for that) or to temporarily use an older version of Java to gain access to the Gateway via Policy Manager.

Once successfully connected, enable TLS 1.1/1.2 on the desired port (e.g. 9443) via Task > Manage Listen Port > [PORT] > SSL/TLS Settings
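
The following is an added example, not part of the original article or the product: a small Python triage function that scans Policy Manager log lines for the two error signatures quoted above and reports whether the version the listener selected is older than anything the client accepts. The protocol names other than TLS10 and TLS12, the comma-separated form of the client preference list, and the sample INFO line are assumptions.

```python
import re

# Oldest first. Only TLS10 and TLS12 appear in the article; the other
# names are assumed to follow the same naming pattern.
TLS_ORDER = ["TLS10", "TLS11", "TLS12", "TLS13"]

HANDSHAKE_RE = re.compile(
    r"Handshake failure: The server selected protocol version (\w+) "
    r"is not accepted by client preferences \[([^\]]*)\]"
)
FIPS_RE = re.compile(r"Algorithm not allowable in FIPS140 mode: (\w+)")


def triage(lines):
    """Return one finding dict per log line that matches a known signature."""
    findings = []
    for line in lines:
        m = HANDSHAKE_RE.search(line)
        if m:
            server = m.group(1)
            # Assumption: multiple client preferences are comma-separated.
            client = [p.strip() for p in m.group(2).split(",") if p.strip()]
            known = [TLS_ORDER.index(p) for p in client if p in TLS_ORDER]
            # The listener is outdated when its selected version is older
            # than every version the client is willing to accept.
            outdated = (server in TLS_ORDER and bool(known)
                        and TLS_ORDER.index(server) < min(known))
            findings.append({"kind": "tls_version_mismatch", "server": server,
                             "client": client, "listener_outdated": outdated})
            continue
        m = FIPS_RE.search(line)
        if m:
            findings.append({"kind": "fips_algorithm_rejected",
                             "algorithm": m.group(1)})
    return findings


# Constructed sample: the two messages quoted in the article plus one
# unrelated, made-up INFO line.
SAMPLE_LOG = [
    "WARNING: Handshake failure: The server selected protocol version TLS10 "
    "is not accepted by client preferences [TLS12]",
    "INFO: Policy Manager started",
    "Caused by: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: "
    "java.lang.SecurityException: Algorithm not allowable in FIPS140 mode: FIPS186Random",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A finding with `listener_outdated` set to true points at the listen port configuration described in the Resolution, rather than at the client.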
