Forum Discussion
daboochmeister
Cirrus
CirrusAPM OAM Simple transport security mode, to v11.1.2 OAM server
Am having trouble configuring an OAM AccessGate in "Simple" transport security mode. It works correctly when "Open" transport mode is used. And, after reconfiguring the accessgate on the OAM server t...
daboochmeisterCirrus
CirrusAhh! We found the answer! Our OAM administrator found a reference to an issue described as follows:
WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER OAM 11g (DocID 1513143.1)
With security fixes in latest JDK updates, 11g and 10g Webgate Simple mode handshake fails with 11g Server.
Webgate simple mode handshake expects continuous stream of data on the socket during simple mode handshake.
With the security fixes in JDK, Server sends the handshake messages split as "1 byte + rest of the message"
Bug: 13387353 WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER
The solution is to use Open or Cert mode, or (setting jsse.enableCBCProtection=false is what worked for us):
Solution
1. Apply patch for Bug 13387353 WEBGATE: SIMPLE MODE HANDSHAKE FAILS WITH JDK 6U28 AND LATER
2. If one does not exist for specific OS/WG/Webserver combination request OOB
Workaround
1. Set the following extra java property in setDomainEnv.sh under domain_home/bin directory:
EXTRA_JAVA_PROPERTIES="Djsse.enableCBCProtection=false
${EXTRA_JAVA_PROPERTIES}"
export EXTRA_JAVA_PROPERTIES
daboochmeisterCirrus
CirrusDoes anyone know how I can mark this question as "Answered"? It's not allowing me to mark my own response as the correct answer ...