Troubleshooting
Problem
After you enable Transport Layer Security (TLS) v1.2 in IBM WebSphere® Application Server (WebSphere®) with IBM Rational Asset Manager (RAM) v7.5.4.4 (or higher) and add the required Java Virtual Machine (JVM) setting, the Client requested protocol TLSv1 not enabled or not supported error appears.
Symptom
The following screen capture shows that TLSv1.2 is correctly set in WebSphere® Security > SSL certificate and key management > SSL configuration > [Node Name] > Quality of production (QoP) settings > Protocol:
In addition, the following screen capture shows that the Application Servers > [Server Name] > Process Definition > Java Virtual Machine > Generic JVM argument contains the correct value: Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
However, the SystemOut log file indicates that a client is still negotiating in TLS v1.0:
[date/time] 000000dd SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported at com.ibm.jsse2.D.z(D.java:496) at com.ibm.jsse2.as.b(as.java:536) at com.ibm.jsse2.as.c(as.java:375) at com.ibm.jsse2.as.wrap(as.java:203) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:41) at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake (SSLUtils.java:811) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound (SSLConnectionLink.java:617) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready (SSLConnectionLink.java:346) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback. sendToDiscriminators(NewConnectionInitialReadCallback.java:214) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback. complete(NewConnectionInitialReadCallback.java:113) at com.ibm.ws.tcp.channel.impl.WorkQueueManager. requestComplete(WorkQueueManager.java:558) at com.ibm.ws.tcp.channel.impl.WorkQueueManager.attemptIO (WorkQueueManager.java:608) at com.ibm.ws.tcp.channel.impl.WorkQueueManager.workerRun (WorkQueueManager.java:985) at com.ibm.ws.tcp.channel.impl.WorkQueueManager$Worker.run (WorkQueueManager.java:1074) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1892) Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 not enabled or not supported Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or its affiliates.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSUS84","label":"Rational Asset Manager"},"ARM Category":[{"code":"a8m0z000000GogSAAS","label":"Rational Asset Manager-\u003ESecurity"}],"ARM Case Number":"TS003876921","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.5.4","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
01 August 2020
UID
ibm16245620