My Oracle Support Banner

TLSv1.2 Handshake Fails If Endpoint Chain Uses RSASSA-PSS Signature Algorithm (Doc ID 2759910.1)

Last updated on JUNE 23, 2021

Applies to:

Oracle Service Bus - Version 12.2.1.3.0 and later
Information in this document applies to any platform.

Symptoms

OSB is failing to call a business service which points to an HTTPS server listening for TLSv1.2 handshakes where part of server's certificate chain uses the RSASSA-PSS signature algorithm.

Java introduced support in jdk 1.8.0_251 however the weblogic certificate path validator still appears to reject the certificate.

Tried using the RSA JSSE implementation (https://docs.oracle.com/middleware/12213/wls/SECMG/ssl_jsse_impl.htm#SECMG499) but the performance impacts are not acceptable.


ERROR
-----------------------

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.