Jump to content

Tibco Client is not able to connect to Tibco EMS server v8.3 on TLS v1.2


JOANNE -

Recommended Posts

Hi,

We have a Tibco client using the client libraries v8.3 configured in Weblogic who's unable to connect to Tibco EMS server on TLS v1.2.

The error message is below:

javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

at com.ibm.jsse2.aa.(aa.java:95)

at com.ibm.jsse2.ab.(ab.java:60)

at com.ibm.jsse2.bb.a(bb.java:232)

at com.ibm.jsse2.bj.a(bj.java:313)

at com.ibm.jsse2.bj.startHandshake(bj.java:160)

at com.tibco.security.ssl.ooOO.B.doHandshake(SSLClientImpl.java:325)

at com.tibco.tibjms.TibjmsxLinkSSL.connect(TibjmsxLinkSSL.java:399)

at com.tibco.tibjms.TibjmsConnection._create(TibjmsConnection.java:1302)

at com.tibco.tibjms.TibjmsConnection.(TibjmsConnection.java:4182)

at com.tibco.tibjms.TibjmsQueueConnection.(TibjmsQueueConnection.java:36)

at com.tibco.tibjms.TibjmsxCFImpl._createImpl(TibjmsxCFImpl.java:200)

at com.tibco.tibjms.TibjmsxCFImpl._createConnection(TibjmsxCFImpl.java:253)

at com.tibco.tibjms.TibjmsQueueConnectionFactory.createQueueConnection(

at com.tibco.tibjms.naming.TibjmsContext$Messenger.request(TibjmsContext.java:325)

at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:657)

at com.tibco.tibjms.naming.TibjmsContext.lookup(TibjmsContext.java:491)

Has someone encountered this error We can connect on TLS V1.0 but company requirement is TLS V1.2.

Is there a configuration in the Tibco client libraries needed to use TLS v1.2

Thanks.

Link to comment
Share on other sites

IF you want to use TLSv1.2 , you also need to have Unrestricted JCE policy jars installed in the Java /lib/security on the JVM running on the client machine . If your java security settings are correct , enable ssl_trace and ssl_debug_trace and capture the detailed ssl handshake logs from your application side and analyze the o/p . See what all ciphers are being used by client while connecting to EMS .Compare the ssl_cipher settings in the tibemsd.conf of ems .

Also please check the EMS documentation and release notes to make sure that EMS 8.3 supports TLSv1.2 . I doubt that EMS 8.3 fully supports TLSv1.2 .

If TLSv1.2 is not explicitly supported , you should consider migrating to EMS 8.6 and your client applications should use the ems 8..6 clients . Hope this helps .

 

Warm Regards,

VInay

Link to comment
Share on other sites

×
×
  • Create New...