Sometimes the "Invoke REST API" activity does not send SNI (Server Name Indication) in the TLS ClientHello with JRE 1.8.0, which causes the SSL handshake to fail


Article ID: KB0071010


Products: TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON
Versions: 2.0.0, 2.0.1, 2.1.0

Description

Some customers reported that when the "Invoke REST API" activity is used to send HTTPS requests to a REST server, it does not send SNI (Server Name Indication) in the TLS ClientHello with TRA 5.10 (bundled with JRE 1.8.0). In this case, the SSL handshake fails. The two traces below show the difference:

1. Normal request, tested with TRA 5.10, BW 5.13 and JRE 1.7.0: the ClientHello contains the line "Extension server_name, server_name: [host_name: www.google.com]".

=======
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1485044311 bytes = { 128, 1, 60, 254, 23, 18, 18, 66, 199, 188, 16, 57, 9, 55, 192, 137, 178, 150, 21, 162, 122, 237, 127, 231, 254, 163, 191, 124 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
...........
secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
Extension server_name, server_name: [host_name: www.google.com]
***
=======

2. Problematic request, tested with TRA 5.10, BW 5.13 and JRE 1.8.0: the ClientHello contains no server_name extension. In this case the customer is unable to invoke the REST server, because the server rejects the request.

=======
*** ClientHello, TLSv1.2
RandomCookie:  GMT: 1485044311 bytes = { 128, 1, 60, 254, 23, 18, 18, 66, 199, 188, 16, 57, 9, 55, 192, 137, 178, 150, 21, 162, 122, 237, 127, 231, 254, 163, 191, 124 }
Session ID:  {}
Cipher Suites: [TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, 
...........
secp224k1, sect239k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
Extension signature_algorithms, signature_algorithms: SHA1withECDSA, SHA1withRSA, SHA1withDSA, MD5withRSA
***
=======
 

Issue/Introduction

Sometimes the "Invoke REST API" activity does not send SNI (Server Name Indication) in the TLS ClientHello with JRE 1.8.0, which causes the SSL handshake to fail

Environment

Operating Systems: All
TRA: 5.10

Resolution

This issue is due to a defect in JRE 1.8. Customers encounter it in TRA 5.10, which is bundled with an early version of JRE 1.8.0. The issue has been fixed in JRE 1.8.0_116. To find the detailed JRE version, go to TIBCO_HOME/tibcojre64/1.8.0, open the "release" file, and check the "JAVA_VERSION" entry. If the version is earlier than 1.8.0_116, there are two options to resolve this issue:

Option 1: Manually download the latest JRE newer than 1.8.0_116. The steps below use the current JRE 1.8.0_152 as the example.

1. Download JRE 1.8.0_152 from the Oracle download site: http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

2. Install JRE 1.8.0_152. For example, on the support side the installation folder is C:/Program Files/Java/jre1.8.0_152.

3. At design time, open the designer.tra file and modify the JVM-related properties as shown below:
========
tibco.env.JVM_LIB_DIR C:/Program Files/Java/jre1.8.0_152/bin/server

tibco.env.JVM_LIB_SERVER_DIR C:/Program Files/Java/jre1.8.0_152/bin/server

tibco.env.JVM_LIB_PATH C:/Program Files/Java/jre1.8.0_152/bin/server/jvm.dll

tibco.env.TIB_JAVA_HOME C:/Program Files/Java/jre1.8.0_152

tibco.env.CUSTOM_PATH C:/Program Files/Java/jre1.8.0_152/bin

tibco.env.PATH C:/Program Files/Java/jre1.8.0_152/bin

========

4. For runtime, modify the same properties in the bwengine.tra file or the application.tra file.

Option 2: Upgrade TRA to version 5.10.1 or above. The JRE 1.8.0 bundled with the newer version of TRA is upgraded as well.
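
The JAVA_VERSION check described at the start of the Resolution can be scripted. The following is an added example, not TIBCO code: the function names and the sample "release" contents are constructed for illustration, and it assumes the usual JAVA_VERSION="1.8.0_NNN" line format of a JRE 8 release file. The update number is compared numerically, because a plain string comparison ranks 1.8.0_66 above 1.8.0_116.

```python
import re
from pathlib import Path

# Fix release stated in this article: JRE 1.8.0_116.
FIXED_IN = (1, 8, 0, 116)


def parse_java_version(release_text):
    """Return (major, minor, patch, update) from the text of a JRE 'release' file."""
    m = re.search(r'^JAVA_VERSION="?(\d+)\.(\d+)\.(\d+)(?:_(\d+))?',
                  release_text, re.M)
    if not m:
        raise ValueError("no JAVA_VERSION entry found")
    # A GA build such as "1.8.0" has no update suffix; treat it as update 0.
    return tuple(int(g or 0) for g in m.groups())


def is_affected(release_text):
    """True when a 1.8.0 JRE is older than the update that contains the fix."""
    version = parse_java_version(release_text)
    # The article covers the 1.8.0 line only; its 1.7.0 trace does send SNI.
    return version[:3] == (1, 8, 0) and version < FIXED_IN


def check_release_file(jre_home):
    """Read <jre_home>/release, e.g. TIBCO_HOME/tibcojre64/1.8.0, and classify it."""
    text = (Path(jre_home) / "release").read_text(encoding="utf-8",
                                                  errors="replace")
    return parse_java_version(text), is_affected(text)


# Constructed sample 'release' contents (not copied from a real installation).
SAMPLE_OLD = 'JAVA_VERSION="1.8.0_66"\nOS_NAME="Windows"\nOS_ARCH="amd64"\n'
SAMPLE_NEW = 'JAVA_VERSION="1.8.0_152"\nOS_NAME="Windows"\nOS_ARCH="amd64"\n'

if __name__ == "__main__":
    for label, text in (("old", SAMPLE_OLD), ("new", SAMPLE_NEW)):
        state = "affected" if is_affected(text) else "ok"
        print(label, parse_java_version(text), state)
```

Run check_release_file against both the bundled JRE directory and any JRE that the .tra properties point to, since the engine uses whichever one is configured.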