55623 - Secure Sockets Layer (SSL) handshake errors occur when you invoke the JBoss web application server and when the SSLv2Hello protocol is restricted

Problem Note 55623: Secure Sockets Layer (SSL) handshake errors occur when you invoke the JBoss web application server and when the SSLv2Hello protocol is restricted

SSL handshake errors occur during invocation of the JBoss web application server. This problem occurs when the SSLv2Hello protocol is not allowed or it is restricted.

The Apache HttpClient classes that are used by SAS to make some internal requests generate an SSLv2Hello message during the SSL handshake. This message is rejected if the SSL protocol is restricted or not allowed, (for example, if the protocol is limited to TLSv1 or higher: -Dhttps.protocols="TLSv1"). The restriction results in SSL handshake errors in the web application-server log, and SAS web applications do not initialize properly.

To work around this problem, make sure that SSLv2Hello is allowed as part of the SSL protocols. This workaround only enables the SSLv2Hello message during the handshake, but SSLv2 is not used otherwise. As an example, you can specify the following in the HTTP connector for JBoss:

sslProtocols="TLSv1, SSLv2Hello"

This problem only affects SAS^® environments that use Java 6 or earlier. With Java 7, the SSLv2Hello protocol is no longer used.

Operating System and Release Information

Product Family	Product	System	SAS Release
Product Family	Product	System	Reported	Fixed*
SAS System	SAS Web Infrastructure Platform	Solaris for x64	9.2 TS2M0	9.4 TS1M0
		Linux for x64	9.2 TS2M0	9.4 TS1M0
		HP-UX IPF	9.2 TS2M0	9.4 TS1M0
		64-bit Enabled Solaris	9.2 TS2M0	9.4 TS1M0
		64-bit Enabled HP-UX	9.2 TS2M0	9.4 TS1M0
		64-bit Enabled AIX	9.2 TS2M0	9.4 TS1M0
		Windows Vista for x64	9.2 TS2M0
		Windows Vista	9.2 TS2M0
		Microsoft Windows XP Professional	9.2 TS2M0
		Microsoft Windows Server 2008 for x64	9.2 TS2M0	9.4 TS1M0
		Microsoft Windows Server 2008 R2	9.2 TS2M0	9.4 TS1M0
		Microsoft Windows Server 2003 for x64	9.2 TS2M0
		z/OS	9.2 TS2M0	9.4 TS1M0
		Microsoft® Windows® for x64	9.2 TS2M0	9.4 TS1M0
		Microsoft Windows Server 2003 Datacenter Edition	9.2 TS2M0
		Microsoft Windows Server 2003 Enterprise Edition	9.2 TS2M0
		Microsoft Windows Server 2003 Standard Edition	9.2 TS2M0

* For software releases that are not yet generally available, the Fixed Release is the software release in which the problem is planned to be fixed.

Date Modified:	2015-04-22 14:01:15
Date Created:	2015-04-22 10:10:23

Type:	Problem Note
Priority:	high

Support

Problem Note 55623: Secure Sockets Layer (SSL) handshake errors occur when you invoke the JBoss web application server and when the SSLv2Hello protocol is restricted

Operating System and Release Information