Installing TIBCO MFT Internet Server or Command Center version 8.2.1 as a hotfix while using IBM Java

Installing TIBCO MFT Internet Server or Command Center version 8.2.1 as a hotfix while using IBM Java

book

Article ID: KB0076087

calendar_today

Updated On:

Products Versions
TIBCO Managed File Transfer Internet Server 8.2.1

Description

The https protocol handler does not start when applying service pack 8.2.1 [ SPMFT821 ] as a hotfix when using IBM Java. The following error is written in the catalina.out file:

SEVERE [main] org.apache.catalina.util.LifecycleBase.handleSubClassException Failed to initialize component [Connector[com.proginet.sift.tomcat.Http11NioProtocol-5243]]
 org.apache.catalina.LifecycleException: Protocol handler initialization failed
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:983)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardService.initInternal(StandardService.java:535)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.core.StandardServer.initInternal(StandardServer.java:1059)
    at org.apache.catalina.util.LifecycleBase.init(LifecycleBase.java:136)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:584)
    at org.apache.catalina.startup.Catalina.load(Catalina.java:607)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:90)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:55)
    at java.lang.reflect.Method.invoke(Method.java:508)
    at org.apache.catalina.startup.Bootstrap.load(Bootstrap.java:306)
    at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:491)
Caused by: java.lang.IllegalArgumentException: None of the [ciphers] specified are supported by the SSL engine : [[]]
    at org.apache.tomcat.util.net.SSLUtilBase.getEnabled(SSLUtilBase.java:143)
    at org.apache.tomcat.util.net.SSLUtilBase.<init>(SSLUtilBase.java:117)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:114)
    at org.apache.tomcat.util.net.jsse.JSSEUtil.<init>(JSSEUtil.java:109)
    at org.apache.tomcat.util.net.jsse.JSSEImplementation.getSSLUtil(JSSEImplementation.java:50)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.createSSLContext(AbstractJsseEndpoint.java:88)
    at org.apache.tomcat.util.net.AbstractJsseEndpoint.initialiseSsl(AbstractJsseEndpoint.java:71)
    at org.apache.tomcat.util.net.NioEndpoint.bind(NioEndpoint.java:227)
    at org.apache.tomcat.util.net.AbstractEndpoint.bindWithCleanup(AbstractEndpoint.java:1116)
    at org.apache.tomcat.util.net.AbstractEndpoint.init(AbstractEndpoint.java:1129)
    at org.apache.coyote.AbstractProtocol.init(AbstractProtocol.java:557)
    at org.apache.coyote.http11.AbstractHttp11Protocol.init(AbstractHttp11Protocol.java:74)
    at org.apache.catalina.connector.Connector.initInternal(Connector.java:980)
    ... 13 more

Note: This article does not apply for fresh installs. It only applies to scenarios where the customer is upgrading to version 8.2.1 by applying it as a hotfix.

Environment

All supported environments

Resolution

MFT version 8.2.1 upgraded to Apache Tomcat 9. The new Tomcat server only supports TLS ciphers. Replacing SSL ciphers with TLS ciphers in the "ciphers" field of the <install folder>/server/conf/server.xml file resolves this issue.

Replace the following parameter values:

ciphers="​SSL​_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,​SSL​_ECDHE_RSA_WITH_AES_256_CBC_SHA384,​SSL​_RSA_WITH_AES_256_CBC_SHA256,​SSL​_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,​SSL​_ECDH_RSA_WITH_AES_256_CBC_SHA384,​SSL​_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,​SSL​_ECDHE_RSA_WITH_AES_256_CBC_SHA,​SSL​_RSA_WITH_AES_256_CBC_SHA,​SSL​_ECDH_ECDSA_WITH_AES_256_CBC_SHA,​SSL​_ECDH_RSA_WITH_AES_256_CBC_SHA,​SSL​_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,​SSL​_ECDHE_RSA_WITH_AES_128_CBC_SHA256,​SSL​_RSA_WITH_AES_128_CBC_SHA256,​SSL​_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,​SSL​_ECDH_RSA_WITH_AES_128_CBC_SHA256,​SSL​_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,​SSL​_ECDHE_RSA_WITH_AES_128_CBC_SHA,​SSL​_RSA_WITH_AES_128_CBC_SHA,​SSL​_ECDH_ECDSA_WITH_AES_128_CBC_SHA,​SSL​_ECDH_RSA_WITH_AES_128_CBC_SHA,​SSL​_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,​SSL​_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,​SSL​_ECDHE_RSA_WITH_AES_256_GCM_SHA384,​SSL​_RSA_WITH_AES_256_GCM_SHA384,​SSL​_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,​SSL​_ECDH_RSA_WITH_AES_256_GCM_SHA384,SSL_ECDHE_RSA_WITH_AES_128_GCM_SHA256,SSL_RSA_WITH_AES_128_GCM_SHA256,​SSL​_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,​SSL_ECDH_RSA_WITH_AES_128_GCM_SHA256"

With the following parameter values:

ciphers="​TLS​_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384,​TLS​_ECDHE_RSA_WITH_AES_256_CBC_SHA384,​TLS​_RSA_WITH_AES_256_CBC_SHA256,​TLS​_ECDH_ECDSA_WITH_AES_256_CBC_SHA384,​TLS​_ECDH_RSA_WITH_AES_256_CBC_SHA384,​TLS​_ECDHE_ECDSA_WITH_AES_256_CBC_SHA,​TLS​_ECDHE_RSA_WITH_AES_256_CBC_SHA,​TLS​_RSA_WITH_AES_256_CBC_SHA,​TLS​_ECDH_ECDSA_WITH_AES_256_CBC_SHA,​TLS​_ECDH_RSA_WITH_AES_256_CBC_SHA,​TLS​_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,​TLS​_ECDHE_RSA_WITH_AES_128_CBC_SHA256,​TLS​_RSA_WITH_AES_128_CBC_SHA256,​TLS​_ECDH_ECDSA_WITH_AES_128_CBC_SHA256,​TLS​_ECDH_RSA_WITH_AES_128_CBC_SHA256,​TLS​_ECDHE_ECDSA_WITH_AES_128_CBC_SHA,​TLS​_ECDHE_RSA_WITH_AES_128_CBC_SHA,​TLS​_RSA_WITH_AES_128_CBC_SHA,​TLS​_ECDH_ECDSA_WITH_AES_128_CBC_SHA,​TLS​_ECDH_RSA_WITH_AES_128_CBC_SHA,​TLS​_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,​TLS​_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,​TLS​_ECDHE_RSA_WITH_AES_256_GCM_SHA384,​TLS​_RSA_WITH_AES_256_GCM_SHA384,​TLS​_ECDH_ECDSA_WITH_AES_256_GCM_SHA384,​TLS​_ECDH_RSA_WITH_AES_256_GCM_SHA384,​TLS​_ECDHE_RSA_WITH_AES_128_GCM_SHA256,​TLS​_RSA_WITH_AES_128_GCM_SHA256,​TLS​_ECDH_ECDSA_WITH_AES_128_GCM_SHA256,​TLS​_ECDH_RSA_WITH_AES_128_GCM_SHA256"

Issue/Introduction

The https protocol handler does not start when applying service pack 8.2.1 [ SPMFT821 ] as a hotfix when using IBM Java.
Powered by Wolken Software