Error message: The size of the handshake message (64559) exceeds the maximum allowed size (32768)

Article ID: 225509

Products

CA API Gateway

Issue/Introduction

After upgrading the Gateway to version 10.1, the error below appears every 5 seconds in the spcc logs:

INFO    1 com.l7tech.server.processcontroller.ProcessController: Getting API port from /opt/SecureSpan/Gateway/node/default/var/processControllerPort
WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.WebServiceException: Could not send Message.
 at org.apache.cxf.jaxws.JaxWsClientProxy.mapException(JaxWsClientProxy.java:183)
 ....
Caused by: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://localhost:2124/ssg/services/processControllerNodeApi: The size of the handshake message (64559) exceeds the maximum allowed size (32768)
 at java.base/jdk.internal.reflect.GeneratedConstructorAccessor61.newInstance(Unknown Source

Environment

Release : 10.1

Cause

Java version 1.8.0_271 introduced a new setting that limits the size of a TLS handshake message, with a default limit of 32768. The default is normally sufficient, but if the cert store contains many certificates that have "signing client certificates" enabled, this value should be increased.

Resolution

To increase maxHandshakeMessageSize, add the following line to the startup script of the processcontroller.

cd /opt/SecureSpan/Controller/bin

chmod 755 processcontroller.sh

vi processcontroller.sh

Add the following line:

PC_JAVAOPT="${PC_JAVAOPT} -Djdk.tls.maxHandshakeMessageSize=65536"

after these lines:

ADD_OPENS="--add-opens=jdk.crypto.ec/sun.security.ec=ALL-UNNAMED"
PC_JAVAOPT="${ADD_OPENS} -Djava.security.egd=file:/dev/./urandom"

Save the file and reboot the server.

The value for jdk.tls.maxHandshakeMessageSize must be greater than the value reported in the error message.

Restart the gateway server (restarting the gateway service is not enough).
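
The rule above (the configured value must be greater than the size reported in the error) can be checked before rebooting. The script below is an added example, not vendor code: its function names are hypothetical and its sample log and script text are constructed from the lines quoted in this article.

```shell
#!/bin/sh
# Added example (not vendor code). Function names are hypothetical; the sample
# text is constructed from the log and script lines quoted in this article.
DEFAULT_LIMIT=32768   # JDK default limit given in the Cause section

# Print the largest handshake size reported in log text on stdin (0 if none).
max_reported_size() {
    sed -n 's/.*The size of the handshake message (\([0-9][0-9]*\)) exceeds the maximum allowed size.*/\1/p' |
        sort -n | tail -n 1 | { read -r n || n=0; echo "${n:-0}"; }
}

# Print the value of the last -Djdk.tls.maxHandshakeMessageSize=N in script
# text on stdin, ignoring commented-out lines; the default if it is not set.
configured_limit() {
    grep -v '^[[:space:]]*#' |
        sed -n 's/.*-Djdk\.tls\.maxHandshakeMessageSize=\([0-9][0-9]*\).*/\1/p' |
        tail -n 1 | { read -r n || n=$DEFAULT_LIMIT; echo "${n:-$DEFAULT_LIMIT}"; }
}

# $1 = log text, $2 = script text. Succeeds only when the configured limit is
# greater than the largest size reported in the log.
limit_is_sufficient() {
    reported=$(printf '%s\n' "$1" | max_reported_size)
    limit=$(printf '%s\n' "$2" | configured_limit)
    echo "largest reported size: $reported, configured limit: $limit"
    [ "$limit" -gt "$reported" ]
}

# Constructed sample input: the error line and the script lines from this article.
SAMPLE_LOG='WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
Caused by: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://localhost:2124/ssg/services/processControllerNodeApi: The size of the handshake message (64559) exceeds the maximum allowed size (32768)'
SCRIPT_BEFORE='PC_JAVAOPT="${ADD_OPENS} -Djava.security.egd=file:/dev/./urandom"'
SCRIPT_AFTER='PC_JAVAOPT="${ADD_OPENS} -Djava.security.egd=file:/dev/./urandom"
PC_JAVAOPT="${PC_JAVAOPT} -Djdk.tls.maxHandshakeMessageSize=65536"'

for script in "$SCRIPT_BEFORE" "$SCRIPT_AFTER"; do
    if limit_is_sufficient "$SAMPLE_LOG" "$script"; then
        echo "  OK: limit is above the reported size"
    else
        echo "  too low: raise jdk.tls.maxHandshakeMessageSize above the reported size"
    fi
done
```

On a real system, pass the contents of the log file and of /opt/SecureSpan/Controller/bin/processcontroller.sh in place of the sample variables.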