SSL Handshake fails while using TLSv1.3 ciphers

SSL Handshake fails while using TLSv1.3 ciphers

book

Article ID: KB0072054

calendar_today

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition 5.6.0 and Higher

Description

While performing SSL Handshake with TLSv1.3 it fails with below error:

-------------
 ERROR ingrian.internal.session.SocketConnector - handshakeCompleted: SSL handshake did not complete within alloted time {}
javax.net.ssl.SSLHandshakeException: extension (5) should not be presented in certificate_request
-------------

Issue/Introduction

While performing SSL Handshake with TLSv1.3 it fails with error.

Resolution

TLSv1.3 is supported from java 11.0.8 and further.

refer: https://www.petefreitag.com/item/918.cfm

BE 6.x supports TLSv1.1/TLSv1.2/TLSv1.3 (Defaults to TLS(TLSv1.1) if not specified.)
Note- TIBCO BE 5.6.0 is shipped with Java 1.8.0 and BE 5.6.1 and later are Shipped with Java "11.0.13".


Workaround:
Restrict the TLS version to TLSv1.2 by adding the below property in .tra file
-    jdk.tls.client.protocols=TLSv1.2