WEBGUI and REST services fail with a protocol exception. Why?

If the WEBGUI and REST services in your cluster fail to start and the logs show a javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported error, the protocol version that the client requested might not be enabled in your TLS settings.

Both the cluster management console and the REST web servers are, by default, enabled for TLSv1.2. When your clients use other TLS versions, you must enable these versions in the wsm.conf file for the cluster management console and in the wsm_rest.conf file for REST.
Important: Though older TLS versions can be enabled, these options are vulnerable to BEAST (Browser Exploit Against SSL/TLS) or POODLE (Padding Oracle On Downgraded Legacy Encryption) attacks. Review any security implications before enabling these options.
  1. Edit the configuration files for the web server:
    • For the cluster management console web server, edit the wsm.conf file at %EGO_CONFDIR%\wsm.conf on Windows and $EGO_CONFDIR/wsm.conf on Linux®.
    • For the REST web server, edit the wsm_rest.conf file at %EGO_CONFDIR%\wsm_rest.conf on Windows and $EGO_CONFDIR/wsm_rest.conf on Linux.
  2. Update the ssl_protocol parameter (which defaults to TLSv1.2) to accept multiple protocol versions. Use one of the following options:
    • SSL: Enables TLS 1.0, 1.1, and 1.2 protocols.
    • SSL_TLSv2: Enables all SSL 3.0 and TLS 1.0, 1.1, and 1.2 protocols.
    For example:
    -Dssl_protocol=SSL_TLSv2
  3. Save your changes.
  4. Restart one or both services:
    egosh service stop WEBGUI 
    egosh service start WEBGUI
    egosh service stop REST
    egosh service start REST
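
To confirm which protocol versions each web server accepts after a change, the following added example (not part of the product or its documentation) reads the ssl_protocol value from both files and flags the options that enable older versions. The function names are hypothetical, and the script assumes the setting appears in the file as a -Dssl_protocol=<value> token, as in the example in step 2.

```shell
#!/usr/bin/env bash
# Added example: audit ssl_protocol in wsm.conf and wsm_rest.conf.
# Assumption: the setting appears as a -Dssl_protocol=<value> token, as in
# the example on this page; the last occurrence in a file is taken as effective.

# Print the configured value, or the documented default if none is set.
ssl_protocol_of() {
    local value
    value=$(grep -o -e '-Dssl_protocol=[A-Za-z0-9_.]*' "$1" 2>/dev/null | tail -n 1)
    value=${value#-Dssl_protocol=}
    printf '%s\n' "${value:-TLSv1.2}"
}

# Map a value to the protocol versions this page says it enables.
classify_ssl_protocol() {
    case "$1" in
        TLSv1.2)   echo "OK: TLS 1.2 only" ;;
        SSL)       echo "WEAK: TLS 1.0 and 1.1 also enabled (BEAST exposure via TLS 1.0)" ;;
        SSL_TLSv2) echo "WEAK: SSL 3.0, TLS 1.0 and 1.1 also enabled (POODLE and BEAST exposure)" ;;
        *)         echo "UNKNOWN: value not described on this page" ;;
    esac
}

# Audit both files in a configuration directory; return 1 if any is not OK.
audit_confdir() {
    local dir="$1" rc=0 f value verdict
    for f in wsm.conf wsm_rest.conf; do
        if [ ! -r "$dir/$f" ]; then
            echo "$f: not readable"; rc=1; continue
        fi
        value=$(ssl_protocol_of "$dir/$f")
        verdict=$(classify_ssl_protocol "$value")
        echo "$f: ssl_protocol=$value -> $verdict"
        case "$verdict" in OK:*) ;; *) rc=1 ;; esac
    done
    return "$rc"
}

# Constructed sample files (not real product configuration) for a dry run.
demo_dir=$(mktemp -d)
printf '%s\n' '-Dssl_protocol=SSL_TLSv2' > "$demo_dir/wsm.conf"
printf '%s\n' '-Dssl_protocol=TLSv1.2' > "$demo_dir/wsm_rest.conf"
audit_confdir "$demo_dir" || echo "review needed before exposing these services"
# On a real Linux host: audit_confdir "$EGO_CONFDIR"
```

A nonzero return from audit_confdir means at least one web server accepts a protocol older than TLS 1.2, so it can be used as a gate in a configuration check.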