[30/03/16 11:35:53:371 BST] 00000001 ORBRas E com.ibm.ws.orbimpl.transport.WSTransport createServerSocket P=152627:O=0:CT ORBX0390E: Cannot create listener thread. Exception=[ org.omg.CORBA.INTERNAL: CAUGHT_EXCEPTION_WHILE_CONFIGURING_SSL_SERVER_SOCKET, Exception=java.lang.IllegalArgumentException: Cannot support SSL_ECDHE_RSA_WITH_AES_256_GCM_SHA384 with currently installed providers vmcid: 0x49421000 minor code: 77 completed: No - received while attempting to open server socket on port 9403 ].
[30/03/16 11:35:53:397 BST] 00000001 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/ODMCell1Dmgr01/logs/ffdc/dmgr_498f4d6b_16.03.30_11.35.53.3748582431257869454898.txt com.ibm.ws.orbimpl.transport.WSTransport.startListening 805
[30/03/16 11:35:53:419 BST] 00000001 FfdcProvider W com.ibm.ws.ffdc.impl.FfdcProvider logIncident FFDC1003I: FFDC Incident emitted on /opt/ibm/WebSphereProfiles/ODMCell1Dmgr01/logs/ffdc/dmgr_498f4d6b_16.03.30_11.35.53.3975558083781694628181.txt com.ibm.ws.orbimpl.transport.WSTransport.createListener 724
[30/03/16 11:35:53:420 BST] 00000001 WsServerImpl E WSVR0009E: Error occurred during startup com.ibm.ws.exception.RuntimeError: org.omg.CORBA.INTERNAL: CREATE_LISTENER_FAILED_4 vmcid: 0x49421000 minor code: 56 completed: No
[30/03/16 11:35:53:420 BST] 00000001 WsServerImpl E WSVR0009E: Error occurred during startup com.ibm.ws.exception.RuntimeError: org.omg.CORBA.INTERNAL: CREATE_LISTENER_FAILED_4 vmcid: 0x49421000 minor code: 56 completed: No
whilst starting a WAS ND Deployment Manager.
Coincidentally (!) this happened RIGHT after I'd upgraded from WAS 8.5.5.4 to 8.5.5.8.
A quick Google search led me here: -
which said, in part: -
The problem can be related to unrestricted policy file due to SDK upgrade. Please download/install unrestricted policy files, the steps can be found at: http://www14.software.ibm.com/webapp/wsbroker/redirect?version=phil&product=was-nd-dist&topic=tsecegs (Under "Complete the following steps to download and install the new policy files:").
at which point I metaphorically slapped my forehead and said "Doh!".
I fired up my trusty CipherTest Java class: -
java -cp /mnt/Utilities/ CipherTest
which reported: -
FAILED: Max AES key length too small! (128).
I ran my script to update the Java policies to use the unrestricted world-wide ciphers: -
#!/bin/bash
cd /opt/ibm/WebSphere/AppServer/java/jre/lib/security
mv local_policy.jar local_policy.raj
mv US_export_policy.jar US_export_policy.raj
/opt/ibm/WebSphere/AppServer/java/bin/jar xvf /mnt/Java/unrestrictedpolicyfiles.zip
chmod a+rwx *.jar
mv local_policy.jar local_policy.raj
mv US_export_policy.jar US_export_policy.raj
/opt/ibm/WebSphere/AppServer/java/bin/jar xvf /mnt/Java/unrestrictedpolicyfiles.zip
chmod a+rwx *.jar
and re-ran the CipherTest: -
java -cp /mnt/Utilities/ CipherTest
PASSED: Max AES key length OK! - >= 256 (2147483647).
Sorted :-) And "Doh!" And "SLAP!"
No comments:
Post a Comment