3 Replies Latest reply on Jun 3, 2013 9:35 AM by Mats Ulvedal

    Tuxedo SALT issue

    Mats Ulvedal
      What cipher crypto is supported in Tuxedo / SALT?

      We have an outbound Tuxedo -> WS call to another organization who have changed both IP, certificate and load balancer.
      And with that new setup our calls to their web service fail.

      We have performed some tests with curl, and with that we are OK with the certificate chain, but with the same cert in Tuxedo it fails.

      They support the following ciphers:
      TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) 256
      TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA (0x88) DH 1024 bits (p: 128, g: 1, Ys: 128) 256
      TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
      TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84) 256
      TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA (0x16) DH 1024 bits (p: 128, g: 1, Ys: 128) 168
      TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
      TLS_DHE_RSA_WITH_AES_128_CBC_SHA (0x33) DH 1024 bits (p: 128, g: 1, Ys: 128) 128
      TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA (0x45) DH 1024 bits (p: 128, g: 1, Ys: 128) 128
      TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
      TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
      TLS_DHE_RSA_WITH_SEED_CBC_SHA (0x9a) DH 1024 bits (p: 128, g: 1, Ys: 128) 128
      TLS_RSA_WITH_SEED_CBC_SHA (0x96) 128
      TLS_RSA_WITH_RC4_128_S

      Anything anyone??

      Regards
      Mats
        • 1. Re: Tuxedo SALT issue
          Honghsi Lo-Oracle
          Out of all the Cipher Suites you described only the following are supported

          0x0A SSL_RSA_WITH_3DES_EDE_CBC_SHA maps to-> TLS_RSA_WITH_3DES_EDE_CBC_SHA
          0x2F TLS_RSA_WITH_AES_128_CBC_SHA
          0x35 TLS_RSA_WITH_AES_256_CBC_SHA
          0x05 SSL_RSA_WITH_RC4_128_SHA ---maps to---> TLS_RSA_WITH_RC4_128_SHA (I assume your last one is this one)

          Which release of Tuxedo are you using for this? Any error or unusual message logged in the ULOG?
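
Matching the server's list against the client's by code point rather than by name sidesteps the SSL_/TLS_ naming difference seen in the reply above. This is an added example, not part of the original thread or Oracle's code: the function names are hypothetical, the server lines are a subset of the list in the question, and the client set is the four suites the reply names.

```python
import re

# Sample input: a subset of the server scan lines quoted in the question.
SERVER_SCAN = """\
TLS_DHE_RSA_WITH_AES_256_CBC_SHA (0x39) DH 1024 bits (p: 128, g: 1, Ys: 128) 256
TLS_RSA_WITH_AES_256_CBC_SHA (0x35) 256
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa) 168
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41) 128
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f) 128
TLS_RSA_WITH_RC4_128_S
"""

# Client side: the four suites the reply lists as supported, keyed by code point.
CLIENT_SUPPORTED = {
    0x0A: "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    0x2F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x35: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0x05: "SSL_RSA_WITH_RC4_128_SHA",
}

# Suite name followed by its code point in parentheses, e.g. "NAME (0x2f) ...".
LINE_RE = re.compile(r"^\s*(?P<name>[A-Z0-9_]+)\s+\(0x(?P<code>[0-9a-fA-F]+)\)")

def parse_scan(text):
    """Return ({code: server_name}, [lines without a usable code point])."""
    offered, unparsed = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if m:
            offered[int(m.group("code"), 16)] = m.group("name")
        else:
            unparsed.append(line.strip())  # truncated entry: report it, do not guess
    return offered, unparsed

def common_suites(server_text, client=CLIENT_SUPPORTED):
    """Suites present on both sides, in the order the server scan lists them."""
    offered, unparsed = parse_scan(server_text)
    shared = [(code, name) for code, name in offered.items() if code in client]
    return shared, unparsed

if __name__ == "__main__":
    shared, unparsed = common_suites(SERVER_SCAN)
    for code, name in shared:
        print(f"0x{code:02X}  {name}  (client name: {CLIENT_SUPPORTED[code]})")
    for line in unparsed:
        print(f"not matched, no code point on line: {line}")
```
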
          • 2. Re: Tuxedo SALT issue
            Mats Ulvedal
            Hi,

            We are using Tuxedo 10.3 (RP112) and SALT 10.3 (RP015)

            160525.u30945!GWWS.2763.11.0: TRACE:ms:SCO[4095] FSM State Transition: Default>Connecting
            160525.u30945!GWWS.2763.11.0: https_connect: SSH Handshake failure, error -6994
            160525.u30945!GWWS.2763.11.0: GWWS_CAT:110: ERROR: SSL library error: SSLFatalAlert.
            160525.u30945!GWWS.2763.11.0: GWWS_CAT:109: ERROR: HTTPS error: SSL Handshaking failed..
            160525.u30945!GWWS.2763.11.0: TRACE:ms:SCO[4095] FSM State Transition: OBFail>Error

            So maybe we don't have a problem with the cipher,

            but we have tested all our certs with curl and then it works.

            We are a little confused and desperate now.

            Regards
            Mats
            • 3. Re: Tuxedo SALT issue
              Mats Ulvedal
              Hi, it is now solved.

              I downloaded RP117 and then it works just fine.

              But something happened regarding x509 certs between RP103 and RP112.
              Because when we tested this we used Tuxedo 10.3 with RP112, but we used Tuxedo 10.3 with RP103 in production.


              Thanks.