An error message is seen while accessing TIBCO ActiveMatrix Administrator using browser: "ssl_error_no_cypher_overlap".

An error message is seen while accessing TIBCO ActiveMatrix Administrator using browser: "ssl_error_no_cypher_overlap".

book

Article ID: KB0092755

calendar_today

Updated On:

Products Versions
TIBCO ActiveMatrix Service Grid -
TIBCO BPM Enterprise (formerly TIBCO ActiveMatrix BPM) -
Not Applicable -

Description

Description:
Using the latest version of Firefox browser in an AMX environment where an external HTTP port for TIBCO ActiveMatrix (AMX) Administrator is configured with SSL and the self-signed certificate is generated by the TCT, one can experience the browser refusing connections by throwing the error: "ssl_error_no_cypher_overlap". 

For the Chrome browser the error message is: ERR_SSL_VERSION_OR_CIPHER_MISMATCH
Symptoms:

Firefox browser refuses connection to AMX Administrator.


Cause:
Support of DSA (which is also the default algorithm used by keytool for self-signed certificate) has been discontinued by Firefox browser in versions later than 37.0.

Issue/Introduction

An error message is seen while accessing TIBCO ActiveMatrix Administrator using browser: "ssl_error_no_cypher_overlap".

Resolution

Steps to resolve the issue:

1). Generate a self-signed certificate using the following command:  keytool -keystore amx1.jks -genkey -alias amx -keyalg rsa 

2). Run TibcoConfigurationTool.

3). Select Edit TIBCO ActiveMatrix Administrator Server Configuration.

4). Select Edit HTTP Connection Settings.

5). On the screen to edit HTTP Connection Settings using the newly generated certificate.

6). Click Configure to execute configuration changes.

You can also downgrade the browser to a compatible version.


Additional Information

https://www.mozilla.org/en-US/firefox/37.0/releasenotes/

https://codereview.chromium.org/490763002

Powered by Wolken Software