Troubleshooting
Problem
Clients are experiencing difficulties inserting, updating, or accessing data in the cache. This issue arises when WebSphere eXtreme Scale 8.6.1.6 servers are configured with NIST SP800-131 in strict mode, and clients communicate with servers by using SSL, resulting in the following error log:
java.lang.IllegalArgumentException: Only TLS1.2 protocol can be enabled in SP800_131 strict mode
In scenarios where WebSphere eXtreme Scale (XSLD) container servers are configured with the -Dcom.ibm.jsse2.sp800-131=strict option, and restAdmin, restUI, and restData servers use SSL connections, the data cannot be accessed through REST APIs.Symptom
Clients are unable to access data from the grid when WebSphere eXtreme Scale servers are set to -Dcom.ibm.jsse2.sp800-131=strict, and clients use SSL to connect to the server.
In an XSLD environment, accessing the grid through REST APIs results in failure. The server logs indicate the following error:
In an XSLD environment, accessing the grid through REST APIs results in failure. The server logs indicate the following error:
Exception = com.ibm.wsspi.channelfw.exception.ChannelException
Source = com.ibm.ws.channel.ssl.internal.SSLConnectionLink
probeid = 238
Stack Dump = com.ibm.wsspi.channelfw.exception.ChannelException: java.lang.IllegalArgumentException: Only TLS1.2 protocol can be enabled in SP800_131 strict mode
at com.ibm.ws.channel.ssl.internal.SSLChannel.getSSLContextForLink(SSLChannel.java:485)
at com.ibm.ws.channel.ssl.internal.SSLChannel.getSSLContextForInboundLink(SSLChannel.java:277)
at com.ibm.ws.channel.ssl.internal.SSLConnectionLink.ready(SSLConnectionLink.java:313)
at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:169)
at com.ibm.ws.tcpchannel.internal.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:77)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.requestComplete(WorkQueueManager.java:516)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.attemptIO(WorkQueueManager.java:586)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager.workerRun(WorkQueueManager.java:970)
at com.ibm.ws.tcpchannel.internal.WorkQueueManager$Worker.run(WorkQueueManager.java:1059)
at com.ibm.ws.threading.internal.ExecutorServiceImpl$RunnableWrapper.run(ExecutorServiceImpl.java:247)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1160)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635)
at java.lang.Thread.run(Thread.java:825)
Caused by: java.lang.IllegalArgumentException: Only TLS1.2 protocol can be enabled in SP800_131 strict mode
at com.ibm.jsse2.bf$e.(bf$e.java:12)
at java.lang.Class.forNameImpl(Native Method)
at java.lang.Class.forName(Class.java:340)
at java.security.Provider$Service.getImplClass(Provider.java:1645)
at java.security.Provider$Service.newInstance(Provider.java:1603)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:248)
at sun.security.jca.GetInstance.getInstance(GetInstance.java:218)
at javax.net.ssl.SSLContext.getInstance(SSLContext.java:11)
at com.ibm.ws.ssl.JSSEProviderFactory$2.run(JSSEProviderFactory.java:258)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:118)
at com.ibm.ws.ssl.JSSEProviderFactory.validateProvider(JSSEProviderFactory.java:253)
at com.ibm.ws.ssl.JSSEProviderFactory.getInstance(JSSEProviderFactory.java:183)
at com.ibm.ws.ssl.JSSEProviderFactory.getInstance(JSSEProviderFactory.java:76)
at com.ibm.ws.ssl.config.SSLConfigManager.(SSLConfigManager.java:187)
at com.ibm.ws.ssl.config.SSLConfigManager.getInstance(SSLConfigManager.java:194)
at com.ibm.ws.ssl.config.FIPSUtils$1.run(FIPSUtils.java:44)
at com.ibm.ws.security.util.AccessController.doPrivileged(AccessController.java:63)
at com.ibm.ws.ssl.config.FIPSUtils.checkFipsEnabled(FIPSUtils.java:39)
at com.ibm.ws.ssl.config.FIPSManager.readWASPropertiesForFips(FIPSManager.java:138)
at com.ibm.ws.ssl.config.FIPSManager.initializeFIPS(FIPSManager.java:85)
at com.ibm.ws.xs.ssl.channel.impl.SSLChannelFactory.(SSLChannelFactory.java:51)
at java.lang.J9VMInternals.newInstanceImpl(Native Method)
at java.lang.Class.newInstance(Class.java:2108)
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSTVLU","label":"WebSphere eXtreme Scale"},"ARM Category":[{"code":"a8m50000000L2AFAA0","label":"IBM WebSphere Extreme Scale"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF027","label":"Solaris"},{"code":"PF033","label":"Windows"},{"code":"PF035","label":"z\/OS"},{"code":"PF057","label":"HP"}],"Version":"8.6.1"}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
09 July 2024
UID
ibm17030472