203 Lotus blogs updated hourly. Who will post next? Home | Blogs | Search | About 
 
Latest 7 Posts
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 40
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 82
Vagrant and VMware - all the Vs together - or not
Tue, Nov 14th 2017 55
IBM Cloud Private - Tinkering with Vagrant
Mon, Nov 13th 2017 67
Cloud Foundry and Ruby on IBM Bluemix - Learning, learning, learning - keep those lessons learning
Thu, Nov 9th 2017 46
Hmmm, Segmentation Fault 11 with Cloud Foundry
Thu, Nov 9th 2017 42
Installing IBM DB2 on Linux using IBM Installation Manager - Fun and Games
Wed, Nov 8th 2017 35
Top 10
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 82
IBM Cloud Private - Tinkering with Vagrant
Mon, Nov 13th 2017 67
Vagrant and VMware - all the Vs together - or not
Tue, Nov 14th 2017 55
Hmmm, macOS Sierra and XQuartz and X11
Thu, Oct 27th 2016 54
Cloud Foundry and Ruby on IBM Bluemix - Learning, learning, learning - keep those lessons learning
Thu, Nov 9th 2017 46
Transport Layer Security (TLS) 1.2 and SoapUI
Fri, Jun 12th 2015 42
Hmmm, Segmentation Fault 11 with Cloud Foundry
Thu, Nov 9th 2017 42
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 40
Hmmmm, HTTP404 and SRVE0190E seen with IBM HTTP Server and WebSphere Application Server
Fri, Nov 14th 2014 37
Installing IBM DB2 on Linux using IBM Installation Manager - Fun and Games
Wed, Nov 8th 2017 35


Error handshake_failure seen when connecting to WebSphere Application Server using SOAP over HTTPS
Twitter Google+ Facebook LinkedIn Addthis Email Gmail Flipboard Reddit Tumblr WhatsApp StumbleUpon Yammer Evernote Delicious
   

I saw a bunch of SSL-related errors when attempting to use / access the WebSphere Application Server SOAP-based administration service: -

/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/bin/wsadmin.sh -lang jython -user wasadmin -password passw0rd -host `hostname` -port 8879

including: -

...
WASX7023E: Error creating "SOAP" connection to host "bpm856.uk.ibm.com"; exception information: com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]
com.ibm.websphere.management.exception.ConnectorNotAvailableException: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]
...
Caused by: [SOAPException: faultCode=SOAP-ENV:Client; msg=Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure; targetException=java.lang.IllegalArgumentException: Error opening socket: java.io.IOException: Exception during sslSocket.startHandshake: Received fatal alert: handshake_failure]

This started happening immediately after I'd locked down WAS using TLS 1.2 and Mutual Authentication.

However, all had been working UNTIL I enforced WAS to use a pair of TLS 1.2 ciphers: -


Specifically, I'm using these: -

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384


across the "estate" including IBM HTTP Server, WAS and DB2.

This proved to be the root cause ….

I needed to update the Deployment Manager profile's SSL configuration: -

/opt/IBM/WebSphere/AppServer/profiles/Dmgr01/properties/ssl.client.props

from: -

#com.ibm.ssl.enabledCipherSuites=

to: -

com.ibm.ssl.enabledCipherSuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384

*NOTE* The list is separated with a space character NOT a comma; see: -

ssl.client.props client configuration file

for details.

For the record, I'd previously done this when I enforced TLS 1.2, by changing: -

com.ibm.ssl.protocol=SSL_TLS

to: -

com.ibm.ssl.protocol=TLSv1.2


---------------------
http://portal2portal.blogspot.com/2016/03/error-handshakefailure-seen-when.html
Mar 26, 2016
17 hits



Recent Blog Posts
40
IBM DB2, Red Hat Enterprise Linux and the IBM Mainframe
Thu, Nov 16th 2017 5:54p   Dave Hay
I'm running through the process to deploy IBM Business Process Manager (BPM) 8.6 onto an IBM mainframe ….This is something that I've done a number of times before, since I first joined the (then) IBM Software Services for WebSphere team in late 2012.In essence, although the underlying hardware is the IBM z platform ( also known as LinuxOne in this guise ), I'm installing BPM etc. onto Red Hat Enterprise Linux (RHEL) and Linux is …. Linux.So the approach to install BPM, and it's dependenc
82
Telnet, my Telnet - Or macOS High Sierra, what have you done ?
Tue, Nov 14th 2017 2:04p   Dave Hay
This harks back to a VERY old post: -Testing Times with Telnetwhich was penned back in 2010.Since I've upgraded to macOS High Sierra, I've lost the FTP and Telnet clients.Ordinarily that wouldn't be a problem but ….Telnet is often useful for testing ports e.g. telnet localhost 9443.Thankfully, we have a solution …. Netcat.Q: Checking TCP/UDP ports!nc -vnzu 127.0.0.1 9080found 0 associationsfound 1 connections: 1: flags=82 outif (null) src 127.0.0.1 port 59595 dst 127.0.0.1 port 9080 r
55
Vagrant and VMware - all the Vs together - or not
Tue, Nov 14th 2017 12:49p   Dave Hay
Further to my last: -IBM Cloud Private - Tinkering with VagrantI'm now looking at the options to use VMware Workstation ( this is on Linux, rather than my default home of macOS ) instead of VirtualBox.Following this: -https://www.vagrantup.com/docs/vmware/installation.htmlI've installed the appropriate plugin: -vagrant plugin install vagrant-vmware-workstationInstalling the 'vagrant-vmware-workstation' plugin. This can take a few minutes...Fetching: vagrant-share-1.1.9.gem (100%)Fetching: va
67
IBM Cloud Private - Tinkering with Vagrant
Mon, Nov 13th 2017 3:11p   Dave Hay
So I've been on a slow boat to IBM Cloud Private, over the past few weeks, and am continuing to self-enable in my "spare" time ( my formal enablement starts next week ). Looking at this: -Source: IBM Cloud Private 2.1.0 - Architectureit was clear that I really needed a few boxes onto which to actually install ICP.Whilst it is possible to run everything on one box ( as per this IBM Cloud Private - My first foray ), I thought that I really should do things properly.So, starting with Beast, whic
46
Cloud Foundry and Ruby on IBM Bluemix - Learning, learning, learning - keep those lessons learning
Thu, Nov 9th 2017 7:06p   Dave Hay
Following a previous post: -Hmmm, Segmentation Fault 11 with Cloud FoundryI'm running through this: -LFS132x Introduction to Cloud Foundry and Cloud Native Software Architectureand was hitting an issue with the version of Ruby specified within some of the lesson material.This is what I saw: -cf pushUsing manifest file /Users/davidhay/Downloads/LFS132x/Scaling/web_app/manifest.ymlCreating app web-app in org david_hay@uk.ibm.com / space david_hay as david_hay@uk.ibm.com...OKCreating route web-app
42
Hmmm, Segmentation Fault 11 with Cloud Foundry
Thu, Nov 9th 2017 5:15p   Dave Hay
Whilst following this online course: -LFS132x Introduction to Cloud Foundry and Cloud Native Software ArchitectureI was tinkering ( man, I love that word ) with Cloud Foundry ( CF ).Now it's been a while and I've been through a macOS upgrade from Sierra to High Sierra ( wonder if there's a clue there ? ).So this time around, I'm seeing "Segmentation Fault: 11" : -cf versionSegmentation fault: 11cf loginSegmentation fault: 11which cf/usr/local/bin/cfls -al `which cf`-rwxr-xr-x 1 root whee
35
Installing IBM DB2 on Linux using IBM Installation Manager - Fun and Games
Wed, Nov 8th 2017 3:49p   Dave Hay
I've installed DB2 a million (!) times over the past 17 years, since I joined what was then IBM Software Group.However, I've almost always installed it using the DB2 installation binaries and response files.For a long time now, it's been packaged with IBM BPM, and other products, and thus suitable to be installed using IBM Installation Manager (IIM).So now I'm trying that ….One thing of which to be aware; DB2 is typically only ever installed as root, which means ( to me, at least ) that BP
28
Hmmm, why can't root uninstall IBM DB2 ?
Wed, Nov 8th 2017 1:00p   Dave Hay
I'm cleaning up a VM, and looking to remove DB2 11.1: -/opt/ibm/db2/V10.5/install/db2_deinstall -aDBI1149E To execute this program, you must be the owner of the installation copy.Explanation: The current DB2 copy was not installed by the user who is running theprogram.User response: Log in as the user who installed the current copy of DB2 and rerun thecommand.Given that I'm doing this as root, I'm wondering "Whaaaaat?"So I dug further …/opt/ibm/db2/V10.5/install/db2lsInstall Path
18
Using curl to drive a SOAP-based web service
Mon, Nov 6th 2017 8:40p   Dave Hay
As part of some tinkering (!) with IBM BPM 8.6, specifically to test a SOAP-based Web Service, as exposed ( exported ) by a SCA module, I wanted to quickly test the service without needing to start/use SoapUI each and every time.Thankfully, there's a curl for that …I'd checked the SCA Module to check the Endpoint Address of the SCA module: -and then hit the ?wsdl action to pull back the WSDL itself: -https://bpmdb.uk.ibm.com:9443/CanaryWeb/sca/callTheCanary?wsdlThis auto-expands to this URL:
9
Amazon Web Services and a Salutary Learning Experience
Fri, Nov 3rd 2017 8:44a   Dave Hay
I received a small but costly reminder that little in life is free this AM.Whilst indulging in my usual bout of cross-trainer ( #GymOClock ), I checked my emails and saw one purportedly from Amazon Web Services (AWS), suggesting that I owed them $56.31.Being a cautious type, I did NOT click on the links in the email, but instead logged into my AWS dashboard: -https://console.aws.amazon.com/ec2and navigated across to the Billing Dashboard: -https://console.aws.amazon.com/billing/homeLo and behold




Created and Maintained by Yancy Lent - About - Planet Lotus Blog - Advertising - Mobile Edition