ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Persistent error every 5s after upgrade 10.1 - The size of the handshake message (64559) exceeds the maximum allowed size (32768)


Article ID: 225509


Updated On:


CA API Gateway


After the upgrade to API Gateway 10.1 we got a persistent error every 5 seconds in the spcc logs . :

2021-09-15T09:34:47.379+0200 INFO    1 com.l7tech.server.processcontroller.ProcessController: Getting API port from /opt/SecureSpan/Gateway/node/default/var/processControllerPort
2021-09-15T09:34:47.413+0200 WARNING 1 com.l7tech.server.processcontroller.p: default may still be starting, but API is throwing unexpected exceptions Could not send Message.
 at org.apache.cxf.jaxws.JaxWsClientProxy.mapException(
Caused by: SSLProtocolException invoking https://localhost:2124/ssg/services/processControllerNodeApi: The size of the handshake message (64559) exceeds the maximum allowed size (32768)
 at java.base/jdk.internal.reflect.GeneratedConstructorAccessor61.newInstance(Unknown Source


A  change in java  version 1.8.0_271  introduced a limit on the size of the TLS handshake messages the default of 32768 should be enough but if there are a lot of certificates in the cert store which have "signing client certificates" enabled the value will be to low.


Release : 10.1

Component :


To increase the  maxHandshakeMessageSize  add the following line to the startup script of the processcontroller.

cd /opt/SecureSpan/Controller/bin

chmod  755


add the following line 

PC_JAVAOPT="${PC_JAVAOPT} -Djdk.tls.maxHandshakeMessageSize=65536"

after the line 


save the file and reboot the server

The value for jdk.tls.maxHandshakeMessageSize must be greater than the value reported in the error message

restart the gateway process .