book
Article ID: KB0086020
calendar_today
Updated On:
Description
Resolution:
[SME-Comments] Support-Only
Environment
==========
ALL
Description
============
BW client cannot connect to WAS server v7.x because the WAS server requires the client to handle "Elliptical Curve Cryptography (ECC)" Cipher. The exception is:
javax.net.ssl.SSLException: Received fatal alert: unexpected_message
From the following SSL stacktrace it shows BW does not present the ECC cipher to server in ClientHello message.
*** ClientHello, TLSv1
RandomCookie: GMT: 1378346768 bytes = { 39, 42, 109, 176, 207, 142, 233, 18, 15, 67, 255, 97, 229, 152, 138, 79, 36,
245, 4, 230, 164, 140, 6, 101, 192, 234, 91, 115 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, SSL_RSA_WITH_AES_128_CBC_SHA,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA, SSL_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE
_CBC_SHA, SSL_RSA_FIPS_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_DSS_WITH_RC4_128_SHA, SSL_ECDHE_ECDSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_RSA_WITH_AES_128_CBC_SHA,
SSL_ECDH_ECDSA_WIT
H_AES_128_CBC_SHA, SSL_ECDH_RSA_WITH_AES_128_CBC_SHA, SSL_ECDHE_ECDSA_WITH_RC4_128_SHA,
SSL_ECDHE_RSA_WITH_RC4_128_SHA, SSL_ECDH_ECDSA_WITH_RC4_128_SHA, SSL_ECDH_RSA_WITH_RC4_128_SHA,
SSL_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ECDHE_RSA_W
ITH_3DES_EDE_CBC_SHA, SSL_ECDH_ECDSA_WITH_3DES_EDE_CBC_SHA, SSL_ECDH_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_RENEGO_PROTECTION_REQUEST]
Compression Methods: { 0 }
Extension elliptic_curves, curve names: {secp256r1, secp192r1, secp224r1, secp384r1, secp521r1, secp160k1, secp160r1,
secp160r2, secp192k1, secp224k1, secp256k1}
Extension ec_point_formats, formats: [uncompressed]
***
WRITE: TLSv1 Handshake, length = 125
READ: TLSv1 Alert, length = 2
RECV TLSv1 ALERT: fatal, unexpected_message
called closeSocket()
handling exception: javax.net.ssl.SSLException: Received fatal alert: unexpected_message
Resolution
==========
Java 7 adds Elliptical Curve cryptography support. You can find security provider "SunEC" in java.security file.
security.provider.3=sun.security.ec.SunEC
BW 5.11 supports java 7. So you need to upgrade TRA to 5.8 and BW to 5.11.
Issue/Introduction
How to use "Elliptical Curve Cryptography (ECC)" Cipher in BW?