
We have a Java web application which generates BIRT reports by calling a SOAP web service. I believe BIRT is using RC4 ciphers, and those are considered weak and are being removed from our LTM/F5; as a result we are getting the error below.

```
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', fatal error: 80: problem unwrapping net record
javax.net.ssl.SSLProtocolException: Server returned wrong cipher suite for session
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', SEND TLSv1.2 ALERT: fatal, description = internal_error
[ACTIVE] ExecuteThread: '0' for queue: 'weblogic.kernel.Default (self-tuning)', WRITE: TLSv1.2 Alert, length = 2
```

So, is there a way we can enable different ciphers, or force the JVM not to use RC4 ciphers and use a different one, from the application?

tbodt
Maverick Riz
  • Did you look at [setEnabledCipherSuites](https://docs.oracle.com/javase/8/docs/api/javax/net/ssl/SSLEngine.html#setEnabledCipherSuites-java.lang.String:A-) and the [JSSE ref guide](http://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html)? You can also do some things [system wide](http://stackoverflow.com/q/18589761/589259) – Maarten Bodewes Apr 08 '15 at 22:32
  • That doesn't look like an error caused by using RC4; it looks like some non-blocking IO bug. You can set a [property](http://docs.oracle.com/javase/7/docs/technotes/guides/security/jsse/JSSERefGuide.html#DisabledAlgorithms) on the JVM launcher to disable RC4 ciphersuites. – President James K. Polk Apr 08 '15 at 22:36
  • I would recommend running on the latest & greatest Java version available for TLS 1.2. – Maarten Bodewes Apr 08 '15 at 22:38
  • Configured the cipher in the WebLogic console as VM arguments, and that works fine. Thanks – Maverick Riz Apr 23 '15 at 21:53

0 Answers
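
Added example, not code from the question or its comments: one way to apply the `setEnabledCipherSuites` suggestion from the application side, assuming the client opens its TLS connections through an `SSLSocketFactory` (for example via `HttpsURLConnection`). The class name `NoRc4SocketFactory` and the `_RC4_` name filter are assumptions of this example.

```java
import java.io.IOException;
import java.net.InetAddress;
import java.net.Socket;
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

// Hypothetical wrapper: delegates socket creation and strips RC4 suites from every socket.
public class NoRc4SocketFactory extends SSLSocketFactory {
    private final SSLSocketFactory delegate;

    public NoRc4SocketFactory(SSLSocketFactory delegate) { this.delegate = delegate; }

    // JSSE suite names carry the cipher as a component, e.g. TLS_ECDHE_RSA_WITH_RC4_128_SHA.
    static String[] withoutRc4(String[] suites) {
        return Arrays.stream(suites).filter(s -> !s.contains("_RC4_")).toArray(String[]::new);
    }

    // Restrict what this socket will offer in its ClientHello before any handshake starts.
    private Socket harden(Socket s) {
        SSLSocket ssl = (SSLSocket) s;
        ssl.setEnabledCipherSuites(withoutRc4(ssl.getEnabledCipherSuites()));
        return ssl;
    }

    @Override public String[] getDefaultCipherSuites() { return withoutRc4(delegate.getDefaultCipherSuites()); }
    @Override public String[] getSupportedCipherSuites() { return withoutRc4(delegate.getSupportedCipherSuites()); }
    @Override public Socket createSocket() throws IOException { return harden(delegate.createSocket()); }
    @Override public Socket createSocket(Socket s, String h, int p, boolean autoClose) throws IOException {
        return harden(delegate.createSocket(s, h, p, autoClose));
    }
    @Override public Socket createSocket(String h, int p) throws IOException { return harden(delegate.createSocket(h, p)); }
    @Override public Socket createSocket(String h, int p, InetAddress l, int lp) throws IOException {
        return harden(delegate.createSocket(h, p, l, lp));
    }
    @Override public Socket createSocket(InetAddress a, int p) throws IOException { return harden(delegate.createSocket(a, p)); }
    @Override public Socket createSocket(InetAddress a, int p, InetAddress l, int lp) throws IOException {
        return harden(delegate.createSocket(a, p, l, lp));
    }

    public static void main(String[] args) throws Exception {
        SSLSocketFactory f = new NoRc4SocketFactory(SSLContext.getDefault().getSocketFactory());
        // For HttpsURLConnection-based clients: HttpsURLConnection.setDefaultSSLSocketFactory(f);
        try (SSLSocket s = (SSLSocket) f.createSocket()) { // unconnected socket, so this runs offline
            System.out.println(String.join("\n", s.getEnabledCipherSuites()));
        }
    }
}
```

The JVM-wide alternative pointed to in the comments is the `jdk.tls.disabledAlgorithms` security property, which applies to every JSSE connection in the process rather than only to sockets from this factory.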