
Oracle HTTP Server 12.2.1.0+ Fails with 'NO_RESOURCES' using SecureProxy On when WLS has Strong Cipher Restrictions (Non Default) (Doc ID 2358443.1)

Last updated on FEBRUARY 06, 2024

Applies to:

Oracle HTTP Server - Version 12.2.1.0.0 and later
Information in this document applies to any platform.

Symptoms

When attempting to configure SSL for mod_wl_ohs in OHS 12.2.1.0+, the following error occurs when testing the connection.

[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: x] [VirtualHost: main] Connection mod_wl SSL handshake failed (28860)
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: x] [VirtualHost: main] SSL Handshake failed
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: x] [VirtualHost: Hostname:4443] <ECID> *******Exception type [NO_RESOURCES] (Could not open secure connection) raised at line 1826 of URL.cpp
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: x] [VirtualHost: Hostname:4443] Trying GET /URI at backend host 'IP/Port; got exception 'NO_RESOURCES: [os error=0, line 1826 of URL.cpp]: Could not open secure connection'
[Timestamp] [OHS] [ERROR:32] [OH99999] [weblogic] [client_id: IP] [host_id: Hostname] [host_addr: IP] [pid: PID] [tid: TID] [user: User] [ecid: ECID] [rid: x] [VirtualHost: Hostname:4443] <ECID> request [/URI] did NOT process successfully..................



Changes

Mod_wl_ohs has been configured to communicate with WLS over SSL using the following type of configuration.

<Location /<CONTEXT_ROOT>>
  SetHandler weblogic-handler
  WebLogicCluster Hostname:Port
  SecureProxy ON
  WlSSLWallet "/Wallet/Path"
</Location>

 

The WebLogic Server SSL configuration lists restricted cipher suites such as the following (config.xml).

<ssl>
  <name>ServerName</name>
  <enabled>true</enabled>
  <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</ciphersuite>
  <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ciphersuite>
  <hostname-verifier xsi:nil="true"></hostname-verifier>
  <hostname-verification-ignored>true</hostname-verification-ignored>
  <export-key-lifespan>500</export-key-lifespan>
  <client-certificate-enforced>false</client-certificate-enforced>
  <listen-port>Port</listen-port>
  <two-way-ssl-enabled>false</two-way-ssl-enabled>
  <server-private-key-alias>server_cert</server-private-key-alias>
  <server-private-key-pass-phrase-encrypted>Hash</server-private-key-pass-phrase-encrypted>
  <ssl-rejection-logging-enabled>true</ssl-rejection-logging-enabled>
  <inbound-certificate-validation>BuiltinSSLValidationOnly</inbound-certificate-validation>
  <outbound-certificate-validation>BuiltinSSLValidationOnly</outbound-certificate-validation>
  <allow-unencrypted-null-cipher>false</allow-unencrypted-null-cipher>
  <use-server-certs>false</use-server-certs>
</ssl>
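
A TLS handshake needs at least one cipher suite that both peers support, so a useful first check for this symptom is to list the suites each WLS server is restricted to and compare them with what the proxy side offers. The Python below is an added example, not Oracle's code: the sample config.xml is constructed around the block above, the function names are hypothetical, and the client offer list must be supplied from your own OHS side using the same suite naming as config.xml.

```python
import xml.etree.ElementTree as ET

# Constructed sample: minimal config.xml wrapping the <ssl> block shown above.
SAMPLE_CONFIG = """<domain xmlns="http://xmlns.oracle.com/weblogic/domain"
        xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <server>
    <name>ServerName</name>
    <ssl>
      <enabled>true</enabled>
      <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</ciphersuite>
      <ciphersuite>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</ciphersuite>
      <hostname-verifier xsi:nil="true"></hostname-verifier>
    </ssl>
  </server>
  <server>
    <name>DefaultCiphers</name>
    <ssl><enabled>true</enabled></ssl>
  </server>
</domain>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on qualified tags."""
    return tag.rsplit("}", 1)[-1]

def restricted_suites(config_xml):
    """Map server name -> explicitly listed cipher suites (empty = defaults)."""
    result = {}
    for server in ET.fromstring(config_xml).iter():
        if local(server.tag) != "server":
            continue
        name, suites = None, []
        for child in server:
            if local(child.tag) == "name":
                name = (child.text or "").strip()
            elif local(child.tag) == "ssl":
                suites = [(c.text or "").strip() for c in child
                          if local(c.tag) == "ciphersuite"]
        if name:
            result[name] = suites
    return result

def servers_without_overlap(config_xml, client_offer):
    """Servers whose restricted list shares no suite with the client's offer."""
    offer = set(client_offer)
    return sorted(name for name, suites in restricted_suites(config_xml).items()
                  if suites and not offer.intersection(suites))
```

Servers with no explicit `<ciphersuite>` entries are skipped because they run with the default list, which this check cannot see from config.xml alone.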

 

 
