Java / DRAC: Error When Reading From SSL Socket Connection
I was unable to connect to a remote DRAC (version 5) unit on an older DELL PowerEdge server.
I observed the following visual error:
"Error when reading from SSL socket connection".
Invoking the Java Web Start client (javaws) from my local shell returned the following warnings:
$ javaws server.jnlp
javax.net.ssl.SSLException: Connection has been shutdown: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
Caused by: javax.net.ssl.SSLHandshakeException: No appropriate protocol (protocol is disabled or cipher suites are inappropriate)
"Starting with the January 20, 2015 Critical Patch Update releases (JDK 8u31, JDK 7u75, JDK 6u91 and above) the Java Runtime Environment has SSLv3 disabled by default."
This was in response to Padding Oracle On Downgraded Legacy Encryption (POODLE) CVE-2014-3566, a vulnerability found in the SSLv3 protocol.
Based on this information, my recent Java update on my workstation disabled SSLv3 support, effectively breaking my ability to connect to the DRAC unit.
SSLv3 is disabled by default
Starting with JDK 7u75 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security property jdk.tls.disabledAlgorithms in <JRE_HOME>/lib/security/java.security file.
If SSLv3 is absolutely required, the protocol can be reactivated by removing "SSLv3" from the jdk.tls.disabledAlgorithms property in the java.security file or by dynamically setting this Security property to "true" before JSSE is initialized.
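A way to check whether a given java.security file still lists SSLv3 in jdk.tls.disabledAlgorithms, as an added example that is not part of the original post or of Oracle's release notes. The function names and both sample files are constructed for illustration; the check matters because the property applies to every Java application that uses that JRE, not only the DRAC console.

```shell
# Added example: report whether a java.security file still disables SSLv3.
# Function names and the sample file contents are constructed for illustration.

# Print the effective jdk.tls.disabledAlgorithms value (joins "\" continuations;
# a later definition overrides an earlier one, as in any .properties file).
tls_disabled_algorithms() {
    awk '
        !cont && /^[ \t]*[#!]/ { next }              # comment line
        {
            line = $0
            if (cont) { sub(/^[ \t]+/, "", line); line = buf line }
            if (line ~ /\\$/) { sub(/\\$/, "", line); buf = line; cont = 1; next }
            cont = 0; buf = ""
            if (line ~ /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*[=:]/) {
                sub(/^[^=:]*[=:][ \t]*/, "", line)
                value = line
            }
        }
        END { print value }
    ' "$1"
}

# Exit status 0 if SSLv3 is an entry in the list, 1 otherwise.
sslv3_disabled() {
    tls_disabled_algorithms "$1" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -qix 'SSLv3'
}

# Constructed samples: the first keeps the property as set after the update,
# the second has the property line commented out (SSLv3 usable by all Java apps).
sample_dir=$(mktemp -d)
cat > "$sample_dir/default.security" <<'EOF'
# constructed sample, not a real java.security file
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
jdk.tls.disabledAlgorithms=SSLv3, \
    DH keySize < 768
EOF
cat > "$sample_dir/edited.security" <<'EOF'
jdk.certpath.disabledAlgorithms=MD2, RSA keySize < 1024
#jdk.tls.disabledAlgorithms=SSLv3
EOF

for f in "$sample_dir"/*.security; do
    if sslv3_disabled "$f"; then state="disabled"; else state="ENABLED"; fi
    printf '%s: SSLv3 %s (%s)\n' "$f" "$state" "$(tls_disabled_algorithms "$f")"
done
```

Pointing `sslv3_disabled` at each path returned by `locate java.security` shows which installed JREs currently accept SSLv3.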
To easily locate the java.security file on your system:
$ updatedb
$ locate java.security
# This returned the following on my workstation:
/etc/java-7-openjdk/security/java.security
/usr/lib/jvm/java-7-openjdk-amd64/jre/lib/security/java.security
Comment out the following line from the file listed by the previous ‘locate’ command: