search cancel

Gateway set CWP security.fips.enabled blocks TLS connection to MySQL ssg Database


Article ID: 255964


Updated On:


CA API Gateway


We are using Software Install on RHEL 7.

We are working on an upgrade to 10.1 CR2.  Enabling CWP(cluster wide property) security.fips.enabled=true seems to block connection to MySQL ssg database.  We are able to run the install, then run the CR2 patch, then install our policy bundles and CWPs.  This sets security.fips.enabled to true.  When we restart, the Gateway comes up, but when we try to connect with Policy Manager, the requests to the database do not work:

2022-12-07T12:26:49.991-0500 WARN    171 org.hibernate.engine.jdbc.spi.SqlExceptionHelper: SQL Error: 0, SQLState: null
2022-12-07T12:26:49.992-0500 ERROR   171 org.hibernate.engine.jdbc.spi.SqlExceptionHelper: Connections could not be acquired from the underlying database! 

The following parameters is set in the




Release : 10.1


Adding the following to /opt/SecureSpan/Gateway/node/default/etc/conf/

jdk.tls.namedGroups=ecp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192

Then restart the Gateway.