HTTPS enabled Administrator domain fails with "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake

HTTPS enabled Administrator domain fails with "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".

book

Article ID: KB0094405

calendar_today

Updated On:

Products	Versions
TIBCO Administrator	-
Not Applicable	-

Description

Description:
HTTPS enabled TIBCO Administrator domain fails with "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure" error in the Administrator.log.
Symptoms:

TIBCO Administrator throws the following exception in the Administrator.log and the Administrator console output:

********************************************************************************************************************************************

http-11043-Processor24, SEND TLSv1 ALERT: fatal, description = handshake_failure

http-11043-Processor24, WRITE: TLSv1 Alert, length = 2

http-11043-Processor24, called closeSocket()

http-11043-Processor24, handling exception: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported

http-11043-Processor24, called close()

http-11043-Processor24, called closeInternal(true)

Thread-55, READ: TLSv1 Alert, length = 2

Thread-55, RECV TLSv1 ALERT: fatal, handshake_failure

Thread-55, called closeSocket()

Thread-55, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

********************************************************************************************************************************************

Cause:

The SSL handshake between the Browser and Administrator Server fail because the browser is trying to communicate using SSLv3, which is not enabled in Administrator.

Resolution

You need to enable the "SSLv3" protocol support in Administrator by changing the sslProtocol="SSLv3" (instead of "TLS") in <TIBCO_HOME>/administrator/domain/<domain_name>/tomcat/conf/server.xml .

NOTE: After a POODLE security vulnerability, from a security point of view it is recommended not to use SSLv3.0. Most new browsers do not support SSLv3. We have release a HF in TRA to disable address POODLE. For more details about the POODLE HF, refer to LBN:42079

Issue/Introduction

HTTPS enabled Administrator domain fails with "javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure".

Additional Information

LBN:42079

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"