Switch from OA to BA fails: [Exception] message: Received fatal alert: handshake

Switch from OA to BA fails: [Exception] message: Received fatal alert: handshake_failure

Modified on: Thu, 23 Jan, 2020 at 3:51 AM

Operations Automation Operations Automation:5.5 Operations Automation:5.x Operations Automation:6.0 Operations Automation:6.x

Symptoms

Switch from OA to BA fails.

/var/log/poa-ui.log contains following error: 2015-08-07 18:06:37,189 fa02fde890 xec-9 DEBUG CORBA #29174: Plesk.News.NewsManagerStub.getMessagesToShow(userid=1 (su_user_id=1)) >>> entry 2015-08-07 18:06:37,206 fa02fde890 xec-7 DEBUG CORBA #29172: com.parallels.psa.ProxyServiceStub.getProxyService(userid=1 (su_user_id=1)) <<< exit [20] 2015-08-07 18:06:37,206 fa02fde890 xec-7 DEBUG BMHelper Connection through proxy: 10.0.5.84:8008 2015-08-07 18:06:37,212 fa02fde890 xec-7 WARN BMHelper [Exception] message: Received fatal alert: handshake_failure

Cause

Likely the ssl configuration on BA server had been altered to exclude the ciphers used by switching mechanism operated through privacy proxy.

Resolution

Edit /etc/httpd/conf.d/ssl.conf file on BA FE to allow CipherSuite per KB#117470:

SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+AES:EDH+AES:RSA+AES:3DES:!RC4:!aNULL:!eNULL:!EXP:!MEDIUM:!LOW:!MD5

They provide enough security to protect against CVEs while allowing enough security for switch between panels to operate.

Internal content

Did you find it helpful? Yes No