After upgrading the Gateway to 10.1 version the below error shows up every 5 seconds in the spcc logs . :
INFO 1 com.l7tech.server.processcontroller.ProcessController: Getting API port from /opt/SecureSpan/Gateway/node/default/var/processControllerPort
WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions
javax.xml.ws.WebServiceException: Could not send Message.
at org.apache.cxf.jaxws.JaxWsClientProxy.mapException(JaxWsClientProxy.java:183)
....
Caused by: javax.net.ssl.SSLProtocolException: SSLProtocolException invoking https://localhost:2124/ssg/services/processControllerNodeApi: The size of the handshake message (64559) exceeds the maximum allowed size (32768)
at java.base/jdk.internal.reflect.GeneratedConstructorAccessor61.newInstance(Unknown Source
Release : 10.1
Component :
The new setting in Java version 1.8.0_271 introduced a limit on the size of the TLS handshake message with a default size of 32768. The default value is good enough but if there are a lot of certificates in the cert store which have "signing client certificates" enabled then this value should be adjusted.
To increase the maxHandshakeMessageSize add the following line to the startup script of the processcontroller.
cd /opt/SecureSpan/Controller/bin
chmod 755 processcontroller.sh
vi processcontroller.sh
add the following line
PC_JAVAOPT="${PC_JAVAOPT} -Djdk.tls.maxHandshakeMessageSize=65536"
after the line
ADD_OPENS="--add-opens=jdk.crypto.ec/sun.security.ec=ALL-UNNAMED"
PC_JAVAOPT="${ADD_OPENS} -Djava.security.egd=file:/dev/./urandom"
save the file and reboot the server
The value for jdk.tls.maxHandshakeMessageSize must be greater than the value reported in the error message
Restart the gateway server (restarting the gateway service is not enough)