How to fix outbound HTTPS (SSL) error "Received fatal alert: unexpected_message" in BC 6.x.x
Article ID: KB0088519
Updated On:
| Products | Versions |
|---|---|
| TIBCO BusinessConnect | - |
| Not Applicable | - |
Description
Resolution:
Description:
============
BC 5.x was able to exchange messages successfully with Trading Partner Gateway using a HTTPS (SSL) connection. After BC migration from 5.x to 6.x, the outbound HTTPS transaction to the same Trading Partner is now failing with the error "Received fatal alert: unexpected_message". The Trading Partner B2B gateway configuration remained the same and nothing was changed on the trading partner side.
Environment:
============
BusinessConnect 6.0.0 and above
Symptoms:
=========
When an outbound HTTPS transaction to the Trading Partner is sent, the following error occurs:
error sending HTTP/S message to https://trading.partner.com:443/xxxx received HTTP response "699". Error connecting to host trading.partner.com at port 443 . Received fatal alert: unexpected_message
Cause:
======
In BC 6.x.x, the "bc.securityVendor.sockets" property set to SUN in Admin > BC > System Settings > Activated Protocol Plug-ins and Properties > BC. In the SSL handshake, the SUN provider is using the renegotiation info extension in the cipher list, which is older (not RFC 5746 complaint) and not backward compatible, hence some SSL implementations don't recognize it.
The Entrust provider uses the backward compatible option of using the 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' cipher in the cipher list instead of the SUN providers approach of using the renegotiation info extension which is older (and not RFC 5746 complaint). The Entrust alternate approach indicates to the SSL peer that the sender is capable of secure renegotiation.
Resolution:
=========
In BC 6.x.x, change the "bc.securityVendor.sockets" property value from 'SUN' to 'ENTRUST' in Admin > BC > System Settings > Activated Protocol Plug-ins and Properties > BC. The Entrust provider uses the backward compatible option for the TLS_EMPTY_RENEGOTIATION_INFO_SCSV' cipher in the cipher list.
Description:
============
BC 5.x was able to exchange messages successfully with Trading Partner Gateway using a HTTPS (SSL) connection. After BC migration from 5.x to 6.x, the outbound HTTPS transaction to the same Trading Partner is now failing with the error "Received fatal alert: unexpected_message". The Trading Partner B2B gateway configuration remained the same and nothing was changed on the trading partner side.
Environment:
============
BusinessConnect 6.0.0 and above
Symptoms:
=========
When an outbound HTTPS transaction to the Trading Partner is sent, the following error occurs:
error sending HTTP/S message to https://trading.partner.com:443/xxxx received HTTP response "699". Error connecting to host trading.partner.com at port 443 . Received fatal alert: unexpected_message
Cause:
======
In BC 6.x.x, the "bc.securityVendor.sockets" property set to SUN in Admin > BC > System Settings > Activated Protocol Plug-ins and Properties > BC. In the SSL handshake, the SUN provider is using the renegotiation info extension in the cipher list, which is older (not RFC 5746 complaint) and not backward compatible, hence some SSL implementations don't recognize it.
The Entrust provider uses the backward compatible option of using the 'TLS_EMPTY_RENEGOTIATION_INFO_SCSV' cipher in the cipher list instead of the SUN providers approach of using the renegotiation info extension which is older (and not RFC 5746 complaint). The Entrust alternate approach indicates to the SSL peer that the sender is capable of secure renegotiation.
Resolution:
=========
In BC 6.x.x, change the "bc.securityVendor.sockets" property value from 'SUN' to 'ENTRUST' in Admin > BC > System Settings > Activated Protocol Plug-ins and Properties > BC. The Entrust provider uses the backward compatible option for the TLS_EMPTY_RENEGOTIATION_INFO_SCSV' cipher in the cipher list.
Issue/Introduction
How to fix outbound HTTPS (SSL) error "Received fatal alert: unexpected_message" in BC 6.x.x
Feedback
Yes
No
Powered by
