OAG Connect To URL Filter Fails With SSL Protocol Error - "[SSL alert read xxxxx, xxxxx]: handshake failure [fatal]" (Doc ID 2023965.1)

Last updated on JULY 08, 2016

Applies to:

Oracle API Gateway - Version 11.1.2 and later
Information in this document applies to any platform.

Symptoms

On : 11.1.2.3 version with SP2 installed, Oracle API Gateway

When attempting to connect to a partner web site using the "Connect to URL" filter, the following scenario has been observed:

Scenario 1]

Set the Ciphers setting in the "Connect to URL" to is default value "DEFAULT".
The message "Client Hello" was sent using SSLv3, and it  returned error "Handshake Failure". In this scenario the communication ALWAYS fails.


Scenario 2]

Set the Ciphers setting in the "Connect to URL" to its default value "RC4-MD5".
The message "Client Hello" was sent using SSLv2. SSL negotiation phase completed successfully and data was sent.
In this scenario the communication failed (One Good, One Fails, One Good, etc...).
When it failed it was noticed that the negotiation phase started with SSLv3.


It was observed that whenever the negotiation phase started with SSLv3, it ALWAYS failed. In contrast, if the negotiation phase started with SSLv2, the communication will be completed successfully.

There is no issues connecting to the same Trading Partner using OEG. OEG is always able to connect out of the box.
For OAG to connect it is necessary to specify cipher RC4-MD5 in the "Connect to URL". Then OAG can connect, but randomly fails whenever the SSL negotiation phase starts with SSLv3. If it starts with SSLv2 then OAG can connect.

ERROR

 

Cause

Sign In with your My Oracle Support account

Don't have a My Oracle Support account? Click to get started

My Oracle Support provides customers with access to over a
Million Knowledge Articles and hundreds of Community platforms