Forum Discussion
daboochmeister
Jun 09, 2015Cirrus
Ahh! We found the answer! Our OAM administrator found a reference to an issue described as follows:
WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER OAM 11g (DocID 1513143.1)
With security fixes in latest JDK updates, 11g and 10g Webgate Simple mode handshake fails with 11g Server.
Webgate simple mode handshake expects continuous stream of data on the socket during simple mode handshake.
With the security fixes in JDK, Server sends the handshake messages split as "1 byte + rest of the message"
Bug: 13387353 WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER
The solution is to use Open or Cert mode, or (setting jsse.enableCBCProtection=false is what worked for us):
Solution
1. Apply patch for Bug 13387353 WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER
2. If one does not exist for specific OS/WG/Webserver combination request OOB
Workaround
1. Set the following extra java property in setDomainEnv.sh under domain_home/bin directory:
EXTRA_JAVA_PROPERTIES="Djsse.enableCBCProtection=false
${EXTRA_JAVA_PROPERTIES}"
export EXTRA_JAVA_PROPERTIES
- daboochmeisterJun 14, 2015CirrusDoes anyone know how I can mark this question as "Answered"? It's not allowing me to mark my own response as the correct answer ...