IIB JSSE trace SoapRequest node

Hi Team,
In order to enable the JSSE SSL trace on IIB/WMB, I am following the documentation below: https://www-01.ibm.com/support/docview.wss?uid=swg21300238. This says it works for the HTTPRequest node. I attempted the same setup for a SOAPRequest flow with EG-specific truststores. Setting the environment variable is not giving any logs on Windows 10 IIB. Could you please advise whether any additional adjustments need to be made to the environment variable to make it work for SOAPRequest on Windows 10, IIB 10? Thanks


42873 SSL Medium Strength Cipher Suites Supported — 94437 SSL 64-bit Block Size Cipher Suites Supported (SWEET32) — 65821 SSL RC4 Cipher Suites Supported

Hi All,

A few questions, please, about the above-mentioned Nessus issue:

On a Unix AIX 6.1 server with ssh 6.0.0.6204 and openssl 1.0.2k, java sdk 6 (64bit)
and java 131 and 141 (but only 32 bit, not 64 mh..),

I have checked the Java security files; there is no FIPS there:
https://www.ibm.com/support/knowledgecenter/en/SS7UH9_6.3.0/ncm/wip/confg/task/ncm_config_enablefips.html
-r--r--r-- 1 bin bin 132 May 16 10:51 javaws.policy
-r--r--r-- 1 bin bin 10051 May 16 10:51 java.security
-r--r--r-- 1 bin bin 2854 May 16 10:51 java.policy

List of providers and their preference orders (see above):
#
security.provider.1=com.ibm.jsse.IBMJSSEProvider
security.provider.2=com.ibm.crypto.provider.IBMJCE
security.provider.3=com.ibm.security.jgss.IBMJGSSProvider
security.provider.4=com.ibm.security.cert.IBMCertPath

—————————————–

openssl ciphers -V gives me all the 64-bit SSLv3 ciphers/MACs for SSL usage,

with no restrictions,

and only a few TLS v1.2 ciphers/MACs, which would be perfect for me, with AES 128-bit.

So ...

Could somebody kindly tell me how I can configure this so that most of the connections, if not all the connections, use SSL with TLS v1.2 ciphers/MACs, while strongly limiting SSLv3 usage?

Thanx a lot for what you could suggest.

All the best.

Max


Illegal Argument Exception for UUID using newly upgraded UCD 6.2.4 when trying to upload artifacts

Hi,

First a little background:
we came from UCD 6.1.1 and recently updated to 6.2.4 successfully. We have some components with artifacts and some without. Our RTC build pushes new versions into the UCD repository and the new versions show up correctly. However the problem starts when RTC tries to add artifacts to the components. We get this error:

2017-04-05 17:22:30,019 ERROR https-jsse-nio-0.0.0.0-8443-exec-3 com.urbancode.commons.web.filter.ExceptionHandlingFilter – java.lang.IllegalArgumentException: Invalid UUID string: stored-procedures.6.1.0
java.lang.IllegalArgumentException: Invalid UUID string: stored-procedures.1.1.2
at java.util.UUID.fromString(UUID.java:194)
at com.urbancode.commons.webext.util.JSONUtilities.getUUIDFromJsonObject(JSONUtilities.java:59)
at com.urbancode.ds.web.cli.internal.rest.VersionCLIInternalResource.stageVersionFile(VersionCLIInternalResource.java:222)



I cut the error message here since the "helpful" info is already there (I could also post the whole message if necessary). The UUID.fromString method does not accept our string "stored-procedure.1.1.2" and detects it as an invalid argument. This worked fine in UCD 6.1.1 (also with openJDK 1.7 java while we have 1.8 now with the new server). So does anyone have any clue why the name was accepted before and is not accepted anymore?


z/OS Connect EE V2.0.7 ssl handshake failing – javax.net.ssl.SSLHandshakeException: null cert chain

We are not able to get our SSL connection to our z/OS Connect EE server to complete. The browser keeps getting ssl handshake failures.

We are expecting a popup in our browser to enter the userid and password over ssl. Our server.xml has the following for security setup…

clientAuthenticationSupported="true"
clientAuthentication="true"/>

We turned on the following tracing to see if we could determine why the handshake fails.

Also in the zCEE server startup JCL in the //STDENV DD we added the JSSE tracing option and then restarted the server.

JVM_OPTIONS=-Djavax.net.debug=ssl

The trace shows the following fatal ssl handshake exception…

[3/2/17 23:37:32:219 EST] 000000c4 SystemOut
O *** ServerHelloDone
[3/2/17 23:37:32:219 EST] 000000c4 SystemOut
O Default Executor-thread-143, WRITE: TLSv1.2
Handshake, length = 5111
[3/2/17 23:37:32:226 EST] 0000009c SystemOut
O Default Executor-thread-103, READ: TLSv1.2
Handshake, length = 7
[3/2/17 23:37:32:226 EST] 0000009c SystemOut
O *** Certificate chain
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O ***
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O Default Executor-thread-103, fatal error: 40:
null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O %% Invalidated: [Session-4,
SSL_DHE_RSA_WITH_AES_128_CBC_SHA256]
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O Default Executor-thread-103
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O , SEND TLSv1.2 ALERT:
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O fatal,
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O description = handshake_failure
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O Default Executor-thread-103, WRITE: TLSv1.2
Alert, length = 2
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O Default Executor-thread-103, fatal: engine
already closed. Rethrowing javax.net.ssl.SSLHandshakeException: null
cert chain

We still cannot understand why the ssl handshake is failing…any suggestions?
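
A reading aid for the trace in the post above, added here as an example (it is not part of the original post and not IBM tooling). It unwraps the Liberty SystemOut lines and checks for the pattern the trace shows: a 7-byte Handshake record read by the server with an empty "*** Certificate chain" block, which is a TLS 1.2 Certificate message carrying zero certificates, the case a server with clientAuthentication="true" rejects as "null cert chain". The names `unwrap` and `diagnose` are hypothetical, and the sample is constructed from the trace format quoted in the post.

```python
import re

# Constructed sample, modelled on the Liberty SystemOut trace quoted in the post.
SAMPLE_TRACE = """\
[3/2/17 23:37:32:226 EST] 0000009c SystemOut
O Default Executor-thread-103, READ: TLSv1.2
Handshake, length = 7
[3/2/17 23:37:32:226 EST] 0000009c SystemOut
O *** Certificate chain
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O ***
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O Default Executor-thread-103, fatal error: 40:
null cert chain
[3/2/17 23:37:32:227 EST] 0000009c SystemOut
O description = handshake_failure
"""

HEADER = re.compile(r"^\[[^\]]+\]\s+[0-9a-fA-F]{8}\s+SystemOut$")
CERT_MSG = re.compile(
    r"READ: \S+ Handshake, length = (\d+) \*\*\* Certificate chain (.*?)\*\*\*")
# 4-byte handshake header + 3-byte certificate_list length, with no certificates
EMPTY_CERT_MSG_LEN = 7

def unwrap(trace):
    """Drop '[timestamp] thread SystemOut' headers and the leading 'O ' marker."""
    out = []
    for raw in trace.splitlines():
        line = raw.strip()
        if not line or HEADER.match(line):
            continue
        out.append(line[2:] if line.startswith("O ") else line)
    return " ".join(out)

def diagnose(trace):
    """Report whether the peer answered the certificate request with an empty chain."""
    text = unwrap(trace)
    report = {"record_length": None, "empty_client_chain": False, "alert": None}
    m = CERT_MSG.search(text)
    if m:
        report["record_length"] = int(m.group(1))
        report["empty_client_chain"] = (
            "chain [" not in m.group(2) and int(m.group(1)) == EMPTY_CERT_MSG_LEN)
    a = re.search(r"description = (\w+)", text)
    if a:
        report["alert"] = a.group(1)
    return report

if __name__ == "__main__":
    print(diagnose(SAMPLE_TRACE))
```

When `empty_client_chain` is true, the place to look is the client side: the browser had no certificate to offer that matched the issuers the server asked for, so no user ID and password prompt is ever reached.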


SSL client authentication: It’s a matter of trust

This article introduces client authentication with SSL (Secure Sockets Layer, a security protocol), discusses its benefits and explains how to set up SSL client authentication on a Domino 4.6 or 4.6.1 server.
