TIBCO Managed File Transfer Internet Server 8.1.x and 8.0.x connecting to BridgerFTP.lexisnexis.com
Article ID: KB0076089
Updated On:
| Products | Versions |
|---|---|
| TIBCO Managed File Transfer Internet Server | 8.1.x,8.0.x |
Description
TIBCO Managed File Transfer Internet Server on 8.1.x and 8.0.x encounter an error while connecting to the public server BridgerFTP.lexisnexis.com.
Error message on the error events and the catalina logs:
com.maverick.ssh.SshException: Incoming packet length of 518538448 bytes violates our maximum packet threshold of 131328 [Unknown cause]
This is encountered on 8.1.x and 8.0.x. This was resolved in MFT 8.2.0.
Error message on the error events and the catalina logs:
com.maverick.ssh.SshException: Incoming packet length of 518538448 bytes violates our maximum packet threshold of 131328 [Unknown cause]
This is encountered on 8.1.x and 8.0.x. This was resolved in MFT 8.2.0.
Issue/Introduction
TIBCO Managed File Transfer Internet Server connecting to the public server BridgerFTP.LexisNexis.com encounter an error similar to this: com.maverick.ssh.SshException: Incoming packet length of 518538448 bytes violates our maximum packet threshold of 131328 [Unknown cause]
Environment
All supported environments
Resolution
This issue is caused by two SSH ciphers; aes128-gcm@openssh.com and aes256-gcm@openssh.com.
If upgrading to 8.2.0 is not a possibility, the web.xml present at <MFTIS>/server/webapps/cfcc/WEB-INF/ needs to be configured to remove these two ciphers from being used.
By default, the SSHCipherSuite parameter on the web.xml is empty to allow all ciphers. The following ciphers need to be added to allow all ciphers except the above two:
<context-param>
<param-name>SSHCipherSuite</param-name>
<param-value>3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256</param-value>
</context-param>
After the change, the MFTIS service needs to restarted for the changes to take effect.
If upgrading to 8.2.0 is not a possibility, the web.xml present at <MFTIS>/server/webapps/cfcc/WEB-INF/ needs to be configured to remove these two ciphers from being used.
By default, the SSHCipherSuite parameter on the web.xml is empty to allow all ciphers. The following ciphers need to be added to allow all ciphers except the above two:
<context-param>
<param-name>SSHCipherSuite</param-name>
<param-value>3des-ctr,aes128-ctr,aes192-ctr,aes256-ctr,3des-cbc,blowfish-cbc,aes128-cbc,aes192-cbc,aes256-cbc,arcfour,arcfour128,arcfour256</param-value>
</context-param>
After the change, the MFTIS service needs to restarted for the changes to take effect.
Feedback
Yes
No
Powered by
