SSL Problem After Upgrading to Java 7
After you upgraded NEXUSe2e to a newer Version which requires Java 7 and encounter the following error message while receiving messages from partners who still use Java 5 you may want to follow the instructions described below.
Message submission failed: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
As the Java doc for the JSSE provider shows, some SSL ciphers have been deprecated in Java 7 due to security vulnerabilities. This led to a slight change in default-enabled protocols and ciphers, which can result in this issue.
Be advised that enabling deprecated SSL protocols will set you at risk.
To alleviate the issue, modify the tomcat connector for NEXUSe2e and add sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2,SSLv2Hello" to it. This manually enables SSLv2hello pseudo-protocol, which will result in messages being received again.
<Connector port="8443" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
- Stop NEXUSe2e.
- Check your Windows Services panel for the name of the NEXUSe2e service. *
- In your Tomcat directory, go to subdirectory bin. There, you should find a file called <SERVICE_NAME>w.exe. For example, if the service name is NEXUSe2e, the file name is NEXUSe2ew.exe.
- Open that .exe file (Admin rights required).
- In the tab "Java", add -Dhttps.protocols=TLSv1,SSLv3,SSLv2Hello to the "Java Options" text box. Note that there may be no spaces in between.
- Start NEXUSe2e and test the connection again.
* If you are not familiar with administrating a Windows Tomcat Service, find some help here.