Is there any way to make a JDK1.6 client or a BW 5.9.2 HTTPS client connect to a server which disables SSLv2 hello?


Article ID: KB0093854


Products: TIBCO ActiveMatrix BusinessWorks
Versions: Not Applicable

Description

Description:
JDK1.6 clients have issues connecting to a server which disables SSLv2, i.e. BW 5.13.

Symptoms:
BW 5.9.2 uses JDK 1.6, which by default packages TLS 1.0 requests in an SSLv2 hello when J2SE is used. Testing shows that when Tomcat using JDK 1.6 sends an SSLv3 hello rather than a TLS 1.0 hello, it does not use the SSLv2 hello.

Cause:
BW 5.9.2 sends TLSv1 by default when J2SE is used. We could not disable TLSv1 and make it send SSLv3. There seems to be no way for a BW 5.9.2 HTTPS client using J2SE to connect to a server which disables SSLv2 hello.
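
To confirm from a packet capture which hello format a client actually sends, the first bytes of the connection are enough. The following is an added example, not TIBCO code; the function name and the sample byte strings are constructed for illustration.

```python
# Maps the (major, minor) version bytes in a ClientHello to a protocol name.
VERSIONS = {(0, 2): "SSLv2", (3, 0): "SSLv3", (3, 1): "TLSv1.0",
            (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def classify_client_hello(data: bytes):
    """Return (hello_format, highest_version_offered) for the first bytes
    a client sends on a new connection."""
    if len(data) < 5:
        raise ValueError("need at least 5 bytes of the first client message")
    # SSLv2-format record: 2-byte header with the high bit set, then
    # msg_type 1 (CLIENT-HELLO) and the highest version the client offers.
    if data[0] & 0x80 and data[2] == 0x01:
        return ("SSLv2-format hello",
                VERSIONS.get((data[3], data[4]), "unknown"))
    # SSLv3/TLS record: content type 0x16 (handshake), 2-byte record version,
    # 2-byte length, then handshake type 1 (ClientHello), 3-byte length and
    # the 2-byte client_version.
    if data[0] == 0x16 and data[1] == 0x03:
        if len(data) < 11 or data[5] != 0x01:
            raise ValueError("handshake record does not start a ClientHello")
        return ("SSLv3/TLS record hello",
                VERSIONS.get((data[9], data[10]), "unknown"))
    raise ValueError("not a recognisable ClientHello")

def rejected_when_sslv2_hello_disabled(data: bytes) -> bool:
    """True if a server that refuses the SSLv2 hello would drop this client,
    regardless of the TLS version offered inside the hello."""
    return classify_client_hello(data)[0] == "SSLv2-format hello"

# Constructed sample: TLS 1.0 offered inside an SSLv2-format hello
# (the JDK 1.6 J2SE default behaviour described above). Header bytes only.
SSLV2_WRAPPED_TLS10 = bytes.fromhex("802e0103010015000000 10".replace(" ", ""))
# Constructed sample: TLS 1.0 offered in a normal TLS record.
TLS_RECORD_TLS10 = bytes.fromhex("160301002f0100002b0301")
# Constructed sample: SSLv3 offered in an SSLv3 record.
SSLV3_RECORD = bytes.fromhex("160300002f0100002b0300")

if __name__ == "__main__":
    for name, sample in [("sslv2-wrapped", SSLV2_WRAPPED_TLS10),
                         ("tls-record", TLS_RECORD_TLS10),
                         ("sslv3-record", SSLV3_RECORD)]:
        print(name, classify_client_hello(sample),
              rejected_when_sslv2_hello_disabled(sample))
```
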

Resolution

Because of the POODLE vulnerability, the customer should not use anything lower than TLSv1. Use Entrust, and Tomcat if HTTP is needed. BW then does not send an SSLv2 hello, which helps BW 5.9.2: connections fail with J2SE in BW 5.9.2 but succeed with Entrust, since it does not send an SSLv2 hello. Otherwise, you must either upgrade the BW JRE version or enable SSLv2 hello on the server side to accommodate JDK 1.6 clients and BW 5.9, which uses J2SE.


Issue/Introduction

Is there any way to make a JDK1.6 client or a BW 5.9.2 HTTPS client connect to a server which disables SSLv2 hello?