Client running on Weblogic 10 server is unable to connect after upgrading from Tibco EMS v8.3 to v8.5. Client also updated the Tibco client libraries to v8.5 but still unable to connect.

[joanne delara 3]

They are using TLS v1.2 and ciphers used for the SSL connection exist in the Tibco server. Any other configuration either on the Weblogic or Tibco side that needs to be updated for the connection to work?

Thank you.

[Kurian Kuruvilla]

Any errors on WebLogic side or TIBCO EMS side?

[joanne delara 3]

Here is the error we're seeing on the Weblogic side:

java.lang.ExceptionInInitializerError.

java.lang.ExceptionInInitializerError

at java.lang.Class.forName0(Native Method)

at java.lang.Class.forName(Class.java:195)

at com.tibco.security.ssl.SSLFactory.init(SSLFactory.java:67)

at com.tibco.security.ssl.SSLFactory.getInstance(SSLFactory.java:87)

at com.tibco.tibjms.TibjmsxLinkSSL._initSSL(TibjmsxLinkSSL.java:302)

...

...

Caused By: java.lang.RuntimeException: java.security.NoSuchAlgorithmException: Error constructing implementation (algorithm: Default, provider: SunJSSE, class: sun.security.ssl.SSLContextImpl$DefaultSSLContext)

at com.tibco.security.ssl.B.D.super(CipherFilter.java:45)

at com.tibco.security.providers.SSLFactory_jsse.<clinit>(SSLFactory_jsse.java:74)

[Kurian Kuruvilla]

It looks like WebLogic is still using EMS client library v8.3 (v8.4 and above don't use TIBCrypt). This shouldn't be a problem though. Also, the error is encountered before the TLS handshake is initiated. Did something else change on WebLogic side?

[joanne delara 3]

Hi Kurian,

Thanks for your reply. I don't believe there are any other changes in the Weblogic side.

If the error is occurring before the TLS handshake, what could be the cause of the issue?

What usually takes place before the TLS handshake when a client is connecting to Tibco?

[Kurian Kuruvilla]

The exception is thrown from Java library. Did you post the entire exception stack trace? 

Since the EMS client version did not change, I suspect something changed in the WebLogic environment or it is some misconfiguration. One suggestion that I have is to remove EMS v8.3 library JAR files from WebLogic classpath and keep only v8.5 library JAR files. I suspect it will fail with a similar exception but exception stack trace might provide more information. 

[Kurian Kuruvilla]

"java.security.NoSuchAlgorithmException: Error constructing implementation"

This could be caused by a misconfigured keystore or truststore so check that too.

[joanne delara 3]

We removed all references to the EMS 8.3 library and kept only the 8.5 JAR files. Now seeing the following errors in Weblogic logs:

java.lang.UnsupportedClassVersionError: com/tibco/tibjms/naming/TibjmsInitialContextFactory : Unsupported major.minor version 52.0.

[Kurian Kuruvilla]

Is the WebLogic environment using JRE version 1.7? If yes, using EMS 8.5 library JAR files might not be an option.

Does the keystore/truststore configuration look fine?

[joanne delara 3]

Thanks Kurian. Yes, the Weblogic environment is using Java 1.7. Is it ok if we use Tibco 8.3 libraries on the Weblogic server? Do you know if Weblogic 10 is compatible with EMS 8.5.1?

[joanne delara 3]

Hi Kurian,

Configured a WL 14c (WebLogic Server Version: 14.1.1.0.0) environment and Java 1.8 (Java Version:1.8.0_291) but still unable to establish connectivity. Seeing the following errors in the WL logs.

<ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <<WLS Kernel>> <> <cd4797ab-e33e-4ed8-9f35-4d0fd8c99a34-00000029> <1681335261841> <[severity-value: 128] [rid: 0] > <BEA-000000> <Exception processing peer certificates: peer not authenticated

javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated

       at sun.security.ssl.SSLSessionImpl.getPeerCertificates(SSLSessionImpl.java:574)

       at weblogic.servlet.provider.WlsSecurityProvider.getSSLAttributes(WlsSecurityProvider.java:284)

We're not seeing any connection attempts in the Tibco server logs.

The keystore and truststore looks good. We can see the tibco certificate imported along with the Root and Intermediate CA.

In the jndi.properties of Weblogic, the ssl_enable_verify_host  is set to False.

thanks for your help.

[Kurian Kuruvilla]

The exception is from WebLogic code. I am not familiar with WebLogic but it looks like WebLogic is trying to access certificates from a session. Does it mean that the a connection has been established? Do you have SSL handshake debug logs from WebLogic side?

[joanne delara 3]

It seems the 'peer not authenticated' exceptions are benign messages per Oracle/Weblogic support. They show up in the logs when SSL debug in Weblogic is enabled and not related to the Tibco connectivity issue.

It's puzzling we're not seeing any other exceptions and it seems WL is not even attempting the SSL handshake.

Just to make sure we're not missing anything, these are the steps we did in the WL server to connect to Tibco EMS.

1. Copy the Tibco 8.5 client libraries to the WL lib directory.
2. Add the path to the libraries to the WL setDomainenv
3. Create a Foreign JMS server
4. Restart WL

Do you know if we are missing any step?

[Kurian Kuruvilla]

I am not familiar with WebLogic. See if the article at the following location helps.

https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-28957