503 - SSL Handshake errors

After upgrading RHEL from version 7 to 8 on our Apigee RMP server and reinstalling the Apigee setup, we are facing issues with calls to cloud URLs failing with a 503 SSL handshake error. Please help with a resolution for this issue.

Error response:

{
  "fault": {
    "faultstring": "SSL Handshake failed java.security.cert.CertificateException: Certificates do not conform to algorithm constraints",
    "detail": {
      "errorcode": "messaging.adaptors.http.flow.SslHandshakeFailed"
    }
  }
}

1 REPLY

It's likely your current Java on RHEL 8 includes some security updates on the JRE. It may have disabled MD5 hashes, or 1024-bit RSA keys. Those are probably good limits to enforce.

If this were my server, I would want to understand which target is causing this problem, and what the certificates look like. That target server is probably trying to use weak ciphers or weak hashes. You can investigate that with openssl. The fix for this category of problem is to get the target to update its TLS configuration. It should be unacceptable for a TLS system to use MD5, or known weak ciphers or keys.

If you REALLY want to allow the weaker algorithms - I highly suggest you do not want to do this - then you can disable this new security feature. I believe this is the relevant Stack Overflow hint. In case the preceding disclaimer was not clear, I'll repeat: I advise against doing this. With all the security breaches lately, you do not want to be the person who is responsible for weakening the default security on your server OS.
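Added example, not part of the original reply: one way to do the openssl investigation the reply suggests, by listing the signature algorithm and key size of every certificate a target presents. The function names, the 2048-bit RSA floor, the weak-hash list and the sample certificate text are assumptions made for illustration; compare them with the constraints your own JRE enforces.

```shell
# Assumed thresholds (not taken from the thread); compare with the
# jdk.certpath.disabledAlgorithms value in your JRE's java.security file.
MIN_RSA_BITS="${MIN_RSA_BITS:-2048}"
WEAK_HASH_RE='md2|md5|sha1'

# Reads `openssl x509 -noout -text` output on stdin, prints one finding per line.
# Exit status: 0 if nothing was flagged, 1 otherwise.
check_cert_text() {
  awk -v min="$MIN_RSA_BITS" -v weak="$WEAK_HASH_RE" '
    /Signature Algorithm:/ && !sig { sig = $NF }
    /Public Key Algorithm:/        { alg = $NF }
    /Public-Key: \(/               { bits = $0; gsub(/[^0-9]/, "", bits) }
    END {
      if (tolower(sig) ~ weak) { print "WEAK signature: " sig; bad = 1 }
      if (alg == "rsaEncryption" && bits + 0 < min) { print "WEAK RSA key: " bits " bits"; bad = 1 }
      if (!bad) print "OK: " sig ", " alg " " bits " bits"
      exit bad + 0
    }'
}

# Fetches the chain a target presents and checks each certificate in it.
# usage: audit_target host [port]   (needs network access and openssl)
audit_target() (
  host="$1"; port="${2:-443}"; rc=0
  tmp="$(mktemp -d)" || exit 2
  openssl s_client -connect "$host:$port" -servername "$host" -showcerts </dev/null 2>/dev/null |
    awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ { n++; on = 1 }
                     on { print > (d "/cert" n ".pem") }
                     /-----END CERTIFICATE-----/ { on = 0 }'
  for f in "$tmp"/cert*.pem; do
    [ -e "$f" ] || { echo "no certificates received from $host:$port"; rc=2; break; }
    openssl x509 -in "$f" -noout -subject
    openssl x509 -in "$f" -noout -text | check_cert_text || rc=1
  done
  rm -rf "$tmp"; exit "$rc"
)

# Constructed, abridged sample of `openssl x509 -text` output for a weak certificate.
sample_weak_cert_text() {
  cat <<'EOF'
        Signature Algorithm: md5WithRSAEncryption
        Subject: CN = legacy-target.example
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (1024 bit)
    Signature Algorithm: md5WithRSAEncryption
EOF
}
```

Run `audit_target <target-host> 443` from the message processor host against each target endpoint the failing proxies call; any certificate reported as WEAK is a candidate for the one the JRE is rejecting.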