Siebel JBS - TLSv1.2 handshake fails for Java code on AIX platform - no protocol renegotiation happening (Doc ID 2822521.1)

Last updated on NOVEMBER 25, 2021

Applies to:

Symptoms

Siebel EAI - On version: 20.4

On a Test / UAT environment, a Java Business Service (JBS) was implemented to communicate with a remote system - using custom Java code. The requirement was to do this using only TLS1.2 protocol (as per external system setup and requirements).
This was causing handshake errors being reported in Siebel; if the remote system is set to accept temporarily TLS1.0, then the communication goes well.

The JBS call is using JAVA64 named subsystem with: "CONTAINERURL = http://localhost:9012/siebel/jbs"

On same environment, an Outbound HTTPS Business Service call using TLS1.2 is working with no problems - confirming the setenv.sh settings were correctly in place as per <Document:2321673.1> .
This second Business Service is using JavaContainerSubsys with: "CONTAINERURL = http://localhost:9012/siebel/outboundeai"


Errors seen in the Siebel AOM log:

and Tomcat log (catalina.out)

The steps to replicate the issue on that specific environment were:
1. Check and confirm that setenv.sh file has already the required settings in place:
CATALINA_OPTS="-Djavax.net.ssl.minimumProtocolVersion=TLSv1.2 -Dhttps.protocols=TLSv1.2 -Ddeployment.security.TLSv1.2=true"
2. Test the JBS execution - and see the handshake failure for TLSv1.2;
3.Test the Outbound HTTPS execution - and see that completing fine with TLSv1.2 protocol;

Changes

Cause

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.