Hello Team,
I would need your help to enable communication over TLS1.2 on AIX 7.1 or 7.2 with IBM JDK 1.8 latest update.
By default, the request is trying to establish a connection over TLSv1 even though TLS 1.2 is explicitly enabled on server as well as on Java 8. The openssl command throws SSL handshake error. We tried with 2 versions of OpenSSL, 1.0.1e and 1.0.2k, but same behavior. Please find the logs below:
It seems there is no cipher suites on common which can work for TLS 1.2. Kindly let me know if you need more information to root cause this issue.
Also, is there any way to enable TLS 1.1 & 1.2 in AIX as I have read few articles and got to know that these are not enabled by default on AIX.
Thanks,
Naina
I would need your help to enable communication over TLS1.2 on AIX 7.1 or 7.2 with IBM JDK 1.8 latest update.
By default, the request is trying to establish a connection over TLSv1 even though TLS 1.2 is explicitly enabled on server as well as on Java 8. The openssl command throws SSL handshake error. We tried with 2 versions of OpenSSL, 1.0.1e and 1.0.2k, but same behavior. Please find the logs below:
Code:
[06:24 AM root@s822-aix01p1 /opt]: openssl s_client -tls1_2 -connect 10.225.120.125:8443
CONNECTED(00000003)
804401144:error:14094438:SSL routines:SSL3_READ_BYTES:tlsv1 alert internal error:s3_pkt.c:1259:SSL alert number 80
804401144:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:599:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 7 bytes and written 0 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : 0000
Session-ID:
Session-ID-ctx:
Master-Key:
Key-Arg : None
PSK identity: None
PSK identity hint: None
SRP username: None
Start Time: 1550489753
Timeout : 7200 (sec)
Verify return code: 0 (ok)
---Also, is there any way to enable TLS 1.1 & 1.2 in AIX as I have read few articles and got to know that these are not enabled by default on AIX.
Thanks,
Naina