My Oracle Support Banner

OHS 12.2.1.2 sees 'NO_RESOURCES' using SecureProxy On when WLS has Cipher Restrictions(Non Default) (Doc ID 2358443.1)

Last updated on MARCH 29, 2018

Applies to:

Oracle HTTP Server - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

When attempting to configure SSL for mod_wl_ohs in OHS 12.2.1.2.0, the following error occurs when testing the connection.

[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: 0] [VirtualHost: main] Connection mod_wl SSL handshake failed (28860)
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: 0] [VirtualHost: main] SSL Handshake failed
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: 0] [VirtualHost: Hostname:4443] <ECID> *******Exception type [NO_RESOURCES] (Could not open secure connection) raised at line 1826 of URL.cpp
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: 0] [VirtualHost: Hostname:4443] Trying GET /URI at backend host 'IP/Port; got exception 'NO_RESOURCES: [os error=0, line 1826 of URL.cpp]: Could not open secure connection'
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: 0] [VirtualHost: Hostname:4443] <ECID> request [/URI] did NOT process successfully..................



Changes

Mod_wl_ohs has been configured to communicate with WLS using SSL via following type of configuration.

<Location /console>
  SetHandler weblogic-handler
  WebLogicCluster Hostname:Port
  SecureProxy ON
  WlSSLWallet "/Wallet/Path"
</Location>

 

Weblogic Server SSL configuration has listed restricted ciphers like the following (config.xml).

<ssl>
  <name>ServerName</name>
  <enabled>true</enabled>
  <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</ciphersuite>
  <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ciphersuite>
  <hostname-verifier xsi:nil="true"></hostname-verifier>
  <hostname-verification-ignored>true</hostname-verification-ignored>
  <export-key-lifespan>500</export-key-lifespan>
  <client-certificate-enforced>false</client-certificate-enforced>
  <listen-port>Port</listen-port>
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <server-private-key-alias>server_cert</server-private-key-alias>
  <server-private-key-pass-phrase-encrypted>Hash</server-private-key-pass-phrase-encrypted>
  <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>
  <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
  <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>
  <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>
  <use-server-certs>false</use-server-certs>
</ssl>

 

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.