JOANNE - Posted April 14, 2022 Share Posted April 14, 2022 Hi, We have a Tibco client using the client libraries v8.3 configured in Weblogic who's unable to connect to Tibco EMS server on TLS v1.2. The error message is below: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate) at com.ibm.jsse2.aa.(aa.java:95) at com.ibm.jsse2.ab.(ab.java:60) at com.ibm.jsse2.bb.a(bb.java:232) at com.ibm.jsse2.bj.a(bj.java:313) at com.ibm.jsse2.bj.startHandshake(bj.java:160) at com.tibco.security.ssl.ooOO.B.doHandshake(SSLClientImpl.java:325) at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:399) at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1302) at com.tibco.tibjms.TibjmsConnection.(TibjmsConnection.java:4182) at com.tibco.tibjms.TibjmsQueueConnection.(TibjmsQueueConnection.java:36) at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:200) at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:253) at com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection( at com.tibco.tibjms.naming.TibjmsContext$Messenger.request(TibjmsContext.java:325) at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:657) at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:491) Has someone encountered this error We can connect on TLS V1.0 but company requirement is TLS V1.2. Is there a configuration in the Tibco client libraries needed to use TLS v1.2 Thanks. Link to comment Share on other sites More sharing options...
Vinay Kulkarni 5 Posted April 15, 2022 Share Posted April 15, 2022 IF you want to use TLSv1.2 , you also need to have Unrestricted JCE policy jars installed in the Java /lib/security on the JVM running on the client machine . If your java security settings are correct , enable ssl_trace and ssl_debug_trace and capture the detailed ssl handshake logs from your application side and analyze the o/p . See what all ciphers are being used by client while connecting to EMS .Compare the ssl_cipher settings in the tibemsd.conf of ems . Also please check the EMS documentation and release notes to make sure that EMS 8.3 supports TLSv1.2 . I doubt that EMS 8.3 fully supports TLSv1.2 . If TLSv1.2 is not explicitly supported , you should consider migrating to EMS 8.6 and your client applications should use the ems 8..6 clients . Hope this helps . Warm Regards, VInay Link to comment Share on other sites More sharing options...
JOANNE - Posted April 15, 2022 Author Share Posted April 15, 2022 Thank you Vinay. We will check on those recommendations. Appreciate the feedback. joanne Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now