Ошибка рукопожатия SSL: при подключении к TIBCO ActiveMatrix BusinessWorks 5.7.2

Question

версия TIBCO - TIBCO ActiveMatrix BusinessWorks 5.7.2

Проблема:

Я являюсь потребителем сервера TIBCO, получая рукопожатие SSL отказ. Я попробовал следующие команды openssl, чтобы посмотреть, может ли он принимать соединения. Ниже приведены мои результаты:

openssl s_client -showcerts -connect tibco-server: port -verify 3 -tls1 -state

verify depth is 3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL3 alert read:fatal:unexpected_message
SSL_connect:failed in error
139827261306768:error:140943F2:SSL routines:ssl3_read_bytes:sslv3 alert unexpected message:s3_pkt.c:1493:SSL alert number 10
139827261306768:error:1409E0E5:SSL routines:ssl3_write_bytes:ssl handshake failure:s3_pkt.c:659:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1581402078
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Однако то же самое работает, когда Я ударил ssl3 опция

openssl s_client -showcerts -connect tibco-сервер: порт -verify 3 -ssl3 -state

verify depth is 3
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = AU, ST = <state>, L = <location>, O = <org>, OU = <unit>, CN = <cn>
verify error:num=18:self signed certificate
verify return:1
depth=0 C = AU, ST = <state>, L = <location>, O = <org>, OU = <unit>, CN = <cn>
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read finished A
---
Certificate chain

-----BEGIN CERTIFICATE-----
.....
.....
-----END CERTIFICATE-----
---
Server certificate
subject=...
issuer=...
---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
SSL handshake has read 1779 bytes and written 362 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
Server public key is 2048 bit
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES128-SHA
    Session-ID: 8BCEAEADC85613876FFF0E2EAB590A92
    Session-ID-ctx:
    Master-Key: <master-key-here>
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1581402661
    Timeout   : 7200 (sec)
    Verify return code: 18 (self signed certificate)
---

Я замаскировал некоторые выходные данные.

Любая помощь, почему openssl может подключаться к TIBCO через ssl3, но не через tls1.0?

Answer 1

Эта проблема была решена после изменений конфигурации безопасности на сервере TIBCO. Теперь клиенты могут успешно согласовывать соединения TLS1.0 с сервером TIBCO.

FIX

Изменено значение безопасности: j2se вместо поручить

java.property.TIBCO_SECURITY_VENDOR=j2se

Ссылки

https://support.tibco.com/s/article/Tibco-KnowledgeArticle-Article-38616 https://community.tibco.com/questions/tls-compatibility-tibco-bw