SSL error in tibco EMS(8.5)

[bikash Choudhary]

Could any one help as I am getting below error when trying to setup SSL . I am using sample certificate what provided by EMS (C:tibcoems8.5samplescerts)

2021-02-09 20:21:15.305 Peer certificate:

2021-02-09 20:21:15.316 Certificate=[/C=US/ST=California/L=us-english/O=Test Company/OU=client Unit/CN=client/emailAddress=client@testcompany.com]

Issuer=[/C=US/ST=California/L=us-english/O=Test Company/OU=client_root Unit/CN=client_root/emailAddress=client_root@testcompany.com]

2021-02-09 20:21:15.316 SSL accepted cipher=ECDHE-RSA-AES128-GCM-SHA256

2021-02-09 20:21:15.316 Connection protocol=TLSv1.2

2021-02-09 20:21:15.316 [OpenSSL Error]: file=ossl.c, line=1814

2021-02-09 20:21:18.393 WARNING: Closing connection from [::1] due to timeout, exceeded timeout of 3.

 

Config for SSL :

 

# Server certificate, key and private key password. If password not

# specified it is prompted for at start up time. The key and server

# certificate issuers may be included into specified PKCS12 file.

# Supports PEM, DER and PKCS12.

ssl_server_identity = C:tibcoems8.5samplescertsserver.cert.pem

ssl_server_key = C:tibcoems8.5samplescertsserver.key.pem

ssl_password = password

# Server Issuer certificate(s).

# Supports PEM, DER and PKCS#12.

# This may be a part of PKCS12 specified by ssl_server_identity

ssl_server_issuer =

# Trusted issuers of client certificates. Supports PEM, DER and PKCS7.

ssl_server_trusted = C:tibcoems8.5samplescertsclient_root.cert.pem

[bikash Choudhary]

Is this community group active

No reply from Tibco since 1 month .

[Derek Ma 2]

Hi,

As below, may you increase handshake_timeout If possible, may you share with me how you start your client with environment variables such as Java CLASSPATH

Thanks,

Derek

https://support.tibco.com/s/article/OpenSSL-Errors-WARNING-Closing-SSL-connection-from-xx-xx-xx-xx-due-to-timeout-OpenSSL-Error-file-ossl-c-line-1631-Disconnected-connection-id-1104-reason-connection-terminated-iothr-c-162-OpenSSL-Error-file-ossl-c-line

https://docs.tibco.com/pub/ems/8.5.1/doc/html/GUID-93C0E010-4296-42FB-8FEF-08A46946C3D2.html

[Saurabh Prabhu]

you might also want to set the ems log trace or console trace to SSL_DEBUG and see whats going wrong there.

[Richard Flather]

Hi, Did you try running EMS with the sample tibemsdssl.conf It also uses the same client/server certs. This is an easy way to test the environment.

$ ../../bin/tibemsd -config tibemsdssl.conf

TIBCO Enterprise Message Service Enterprise Edition.

Copyright 2003-2019 by TIBCO Software Inc.

All rights reserved.

 

Version 8.5.1 V4 9/12/2019

 

2021-03-09 10:02:28.794 Process started from '../../bin/tibemsd'.

2021-03-09 10:02:28.794 Process Id: 10482

2021-03-09 10:02:28.794 Hostname: xxxxxxx

2021-03-09 10:02:28.794 Hostname IP address: 127.0.0.1

2021-03-09 10:02:28.794 Reading configuration from 'tibemsdssl.conf'.

2021-03-09 10:02:28.798 Server name: 'EMS-SERVER'.

2021-03-09 10:02:28.798 Storage Location: 'datastore'.

2021-03-09 10:02:28.798 Routing is disabled.

2021-03-09 10:02:28.798 Authorization is disabled.

2021-03-09 10:02:28.798 The server will attempt to trace warnings about destinations that are growing unbounded above 26843545 bytes or 50000 messages.

2021-03-09 10:02:28.798 Set server properties 'large_destination_memory' and 'large_destination_count' respectively to alter these thresholds.

2021-03-09 10:02:28.804 Secure Socket Layer is enabled, using OpenSSL 1.1.1c 28 May 2019

2021-03-09 10:02:28.804 Accepting connections on ssl://xxxxxx:7243.

2021-03-09 10:02:28.805 Server is active.