Broadcom API Gateway: Clients with Java JDK 6 experience handshake failures when trying to connect to Gateway 10 CR3

book

Article ID: 225469

calendar_today

Updated On:

Products

CA API Gateway

Issue/Introduction

Clients using JDK 6 are experiencing handshake failures when connecting to Gateway 10 CR3

Cause

Most recents version of Gateway are coded to support only stronger and secure communication protocols and ciphers. 

Broadcom published all features that have been deprecated in Gateway 10 under the following product document section:

Deprecated Features and Support: https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-0/release-notes/deprecated-features-and-support.html 

Some of the new security restrictions may impact clients using outdated/unsafe protocols, like for example the following one:

"...Removed SSL Protocols Beginning with Gateway version 10.0 CR3, the following SSL protocols that were deprecated earlier have been removed from Gateway: SSLv2, SSLv3, and SSLv2 Compatible Client Hello. We recommend you to use TLS 1.2 or higher instead..."

Environment

Release : 10.0

Component : CR3

Resolution

Earlier versions of JDK 6 do not support TLS 1.2 handshake out of the box. JDK 6 introduced support for TLS 1.2 starting from update 121 (JDK 6u121)

Reference: https://www.oracle.com/java/technologies/javase/6-relnotes.html#R160_121 

Hence, clients that would like to continue using JDK 6, are required to update to version 121 or higher.