My Oracle Support Banner

After Applying OHS/Web-Tier Patch Set 11.1.1.9 : SSL Connection to WLS fails with "Failure of Web Server bridge" (Issue 2 - SSL Ciphers) (Doc ID 2094799.1)

Last updated on DECEMBER 15, 2017

Applies to:

Oracle WebLogic Server - Version 10.3.2 to 10.3.6
Oracle HTTP Server - Version 11.1.1.9.0 to 11.1.1.9.0 [Release Oracle11g]
Information in this document applies to any platform.
Notice: There is another issue which presents the same exact way from an OHS standpoint. The error in the WLS logs will be different than above. If you encounter the error, "Invalid/unknown SSL header was received from peer HOST - IP during SSL handshake", see , "After Applying OHS/Web-Tier Patch Set 11.1.1.9 : SSL Connection to WLS fails with "Failure of Web Server bridge" (Issue 1 - SSL Protocols)"

Symptoms

After patching OHS from 11.1.1.x to 11.1.1.9 validation testing fails with:

Failure of Web Server bridge:

No backend server available for connection: timed out after 10 seconds or idempotent set to OFF or method not idempotent.

 

The connection before patching to 11.1.1.9 was successful.

mod_wl_ohs debug log shows the following error:

2016-01-05T10:15:27.0155-07:00 <2127414520141271> URL::Connect: Connectedsuccessfully
2016-01-05T10:15:27.3457-07:00 <2127414520141271> wl_ssl_open failed. Failedto initialize secure connection. retval = 20014
2016-01-05T10:15:27.3458-07:00 <2127414520141271> apr_socket_opt_set(APR_TCP_NODELAY) call failed with error=9, host=IP, port=Port
2016-01-05T10:15:27.3458-07:00 <2127414520141271> Error closing socket
2016-01-05T10:15:27.3458-07:00 <2127414520141271> *******Exception type[NO_RESOURCES] (apr_socket_opt_set(APR_SO_NONBLOCK=0) call failed with error=9, host=xx.xxx.x.x, port=7002 ) raised at line 1611 of URL.cpp

WLS managed server log shows the following:

(Using WLS Security Debug Flags: -Dweblogic.security.SSL.verbose=true -Dssl.debug=true -Dweblogic.StdoutDebugEnabled=true -Dweblogic.Debug.DebugSecurityAtn=true)

####<Jan 5, 2016 10:15:37 AM MST> <Debug> <SecuritySSL> <host.domain.com> <AdminServer> <ExecuteThread: '1' for queue: 'weblogic.socket.Muxer'> <> <> <> <1452014137465> <BEA-000000> <[Thread[ExecuteThread: '1' for queue: 'weblogic.socket.Muxer',5,Thread Group for Queue: 'weblogic.socket.Muxer']]weblogic.security.SSL.jsseadapter: SSLENGINE: Exception occurred during SSLEngine.wrap(ByteBuffer,ByteBuffer).
javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1348)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:519)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1197)
...
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)
Caused By: javax.net.ssl.SSLHandshakeException: no cipher suites in common
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:281)
...
at weblogic.socket.SocketReaderRequest.execute(SocketReaderRequest.java:42)
at weblogic.kernel.ExecuteThread.execute(ExecuteThread.java:145)
at weblogic.kernel.ExecuteThread.run(ExecuteThread.java:117)

 



Changes

WLS Managed Server's SSL security has been configured to support specific cipher suite(s) as described in <Note 1484562.1>, "Understanding SSL Protocols and Configuring Cipher Suites for Oracle WebLogic Server", in this case, using SSL_RSA_WITH_RC4_128_MD5 and/or SSL_RSA_WITH_RC4_128_SHA.

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.