We are using Software Install on RHEL 7.
We are working on an upgrade to 10.1 CR2. Enabling CWP(cluster wide property) security.fips.enabled=true seems to block connection to MySQL ssg database. We are able to run the install, then run the CR2 patch, then install our policy bundles and CWPs. This sets security.fips.enabled to true. When we restart, the Gateway comes up, but when we try to connect with Policy Manager, the requests to the database do not work:
2022-12-07T12:26:49.991-0500 WARN 171 org.hibernate.engine.jdbc.spi.SqlExceptionHelper: SQL Error: 0, SQLState: null
2022-12-07T12:26:49.992-0500 ERROR 171 org.hibernate.engine.jdbc.spi.SqlExceptionHelper: Connections could not be acquired from the underlying database!
The following parameters is set in the node.properties:
l7.mysql.url.parameters.extra=&useSSL=true&requireSSL=true&verifyServerCertificate=false&enabledTLSProtocols=TLSv1.2
Release : 10.1
Adding the following to /opt/SecureSpan/Gateway/node/default/etc/conf/system.properties
jdk.tls.namedGroups=ecp256r1, secp384r1, secp521r1, ffdhe2048, ffdhe3072, ffdhe4096, ffdhe6144, ffdhe8192
Then restart the Gateway.