198 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM Installation Manager and the Not-Well-Formed Markup
Fri, Sep 22nd 2017 25
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 36
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 51
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 45
This time, it's about a freezer
Tue, Sep 19th 2017 64
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 54
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 70
Top 10
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 70
This time, it's about a freezer
Tue, Sep 19th 2017 64
Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security
Mon, Sep 18th 2017 57
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 54
New Technology Demonstration: BPM Analytics
Fri, Sep 15th 2017 52
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 51
Transport Layer Security (TLS) 1.2 and SoapUI
Fri, Jun 12th 2015 49
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 45
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 36
Executing external Python/Jython scripts from within WebSphere Application Server's wsadmin tool
Thu, Feb 27th 2014 35


Error handshake_failure seen when connecting to WebSphere Application Server using SOAP over HTTPS
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

I saw a bunch of SSL-related errors when attempting to use / access the WebSphere Application Server SOAP-based administration service: -

/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -user wasadmin -password passw0rd -host `hostname` -port 8879

including: -

...
WASX7023E: Error creating "SOAP" connection to host "bpm856.uk.ibm.com"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]
com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]
...
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]

This started happening immediately after I'd locked down WAS using TLS 1.2 and Mutual Authentication.

However, all had been working UNTIL I enforced WAS to use a pair of TLS 1.2 ciphers: -


Specifically, I'm using these: -

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384


across the "estate" including IBM HTTP Server, WAS and DB2.

This proved to be the root cause ….

I needed to update the Deployment Manager profile's SSL configuration: -

/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/properties/ssl.client.props

from: -

#com.ibm.ssl.enabledCipherSuites=

to: -

com.ibm.ssl.enabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

*NOTE* The list is separated with a space character NOT a comma; see: -

ssl.client.props client configuration file

for details.

For the record, I'd previously done this when I enforced TLS 1.2, by changing: -

com.ibm.ssl.protocol=SSL_TLS

to: -

com.ibm.ssl.protocol=TLSv1.2


---------------------
http://portal2portal.blogspot.com/2016/03/error-handshakefailure-seen-when.html
Mar 26, 2016
23 hits



Recent Blog Posts
25
IBM Installation Manager and the Not-Well-Formed Markup
Fri, Sep 22nd 2017 7:54p   Dave Hay
I saw this: -ERROR: Failed to read response file. ERROR: Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.00:00.52 ERROR [main] com.ibm.cic.agent.core.application.HeadlessApplication run Failed to read response file. Problem in /mnt/installIIM186.rsp at line 5: The markup in the document following the root element must be well-formed.whilst trying to install IBM Installation Manager 1.8.7, using a response file: -/mnt/ins
36
IBM Business Process Manager 8.6
Fri, Sep 22nd 2017 11:35a   Dave Hay
As per my previous post: -Introducing IBM Business Process Manager 8.6 and there's moreIBM BPM 8.6 was released today, and I've started the download.This is what I'm pulling down as I type: -IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (3 of 3) (CNM6BML )IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (2 of 3) (CNM6AML )IBM Business Process Manager Server Version 8.6 For Linux X86 64Bit Multilingual (1 of 3) (CNM69ML )More t
51
Kubernetes 1.7 available in IBM Bluemix Container Service
Wed, Sep 20th 2017 6:02p   Dave Hay
This arrived in my inbox today: -We're excited to announce that Kubernetes 1.7 is available for IBM Bluemix Container Service. You can now update your Kubernetes master and worker nodes to the latest supported version of Kubernetes by using either the Bluemix dashboard or the CLI.Kubernetes 1.7 available in IBM Bluemix Container ServiceThis is perfect timing for me, as: -(a) I'm reading and reviewing Kubernetes Microservices with Docker (b) I've been tinkering with DB2 and WebSphere Liberty P
45
Using openSSL on macOS to encrypt a file using a password
Wed, Sep 20th 2017 8:44a   Dave Hay
I had a requirement to share a file with a colleague, which I did using Box. However, I wanted to go one step further and encrypt the file BEFORE sharing.This is known, in some circles, as Pre-Internet Encryption (PIE), which is funny, because I like pie - fish pie, apple pie, mince pie, you name it :-)This is what I did: -Encrypt the fileopenssl enc -aes-256-cbc -in Patent.doc > Patent_enc.doc This example uses the AES-256-CBC cipher and requests a password, which is used, with the chosen bl
64
This time, it's about a freezer
Tue, Sep 19th 2017 2:14p   Dave Hay
So almost all of my blog posts are technical, and most involve some kind of IT and/or IBM product or service.,This time, whilst still technology, it's all about …. freezers.We recently took delivery of a Zanussi ZFT10210WA freezer, and hit a problem ….Specifically, it was a UI problem.More specifically, the UI didn't match the documentation.This is what the documentation has: -whereas the freezer looks more like this: -In other words, how can I set it to -16 degrees C when the Temperature
54
Kubernetes and IBM Bluemix - again with the #HoldingItWrong
Tue, Sep 19th 2017 1:27p   Dave Hay
So I saw this: -kubectl get nodesUnable to connect to the server: could not refresh token: unrecognized error {"errorCode":"BXNIM0408E","errorMessage":"Provided refresh token is expired","context":{"requestId":"4294322993","requestType":"incoming.Kube_Token","startTime":"19.09.2017 11:58:26:739 UTC","endTime":"19.09.2017 11:58:26:741 UTC","elapsedTime":"2","instanceId":"tokenservice_dal06/1","host":"localhost","threadId":"1955e0","clientIp":"146.90.21
70
Testing JDBC Data Sources using Jython
Mon, Sep 18th 2017 5:35p   Dave Hay
One of my colleagues asked me about this …In essence, did I have a Jython script that allows one to test JDBC data source …Here's one I prepared earlier: -testDataSource.jycellID = AdminControl.getCell()cell=AdminConfig.getid( '/Cell:'+cellID+'/')for dataSource in AdminConfig.list('DataSource',cell).splitlines(): print dataSource AdminControl.testConnection(dataSource)Notes: -- To support the FOR loop, there are indentations ( thanks Python, we love you ) in front of the last two line
57
Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security
Mon, Sep 18th 2017 10:43a   Dave Hay
I'm reading this: -Secure Identity Propagation Using WS-Trust, SAML2, and WS-Security [PDF]in the context of Single Sign-on (SSO), via this: -SAML 2.0 VS. JWT: UNDERSTANDING FEDERATED IDENTITY AND SAML and: -The Anatomy of a JSON Web Token
52
New Technology Demonstration: BPM Analytics
Fri, Sep 15th 2017 10:12a   Dave Hay
This from my IBM colleague, Allan Chan: -…A new BPM Analytics technology demonstration is available to use with the latest IBM Business Process Manager. The latest version works with V8.5.7.0 CF201706 release at the end of June 2017. The original version worked with V8.5.7.0 CF201703 released on 31st March 2017....The key value of IBM Business Process Manager (BPM) is in streamlining custom enterprise business processes to better optimize service and cost. It does this namely through 1) custom
28
IBM Redbook - Developing Node.js Applications on IBM Bluemix
Mon, Sep 11th 2017 1:44p   Dave Hay
Developing Node.js Applications on IBM BluemixThis IBM® Redbooks® publication explains how to create various applications based on Node.js and run them on IBM Bluemix®. In this book, you will do the following activities: • Develop a Hello World application in Node.js, executing on IBM Bluemix. Through this activity, you can learn about these technologies: • IBM SDK for Node.js • Eclipse Orion Web IDE • Use asynchronous callback • Create an Express application • Build a rich u




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition