CA PPM 15.5.1 with SSL Problems

Document ID : KB000125229
Last Modified Date : 29/01/2019
Show Technical Document Details
Issue:
After Upgrading to CA PPM 15.5.1 you will notice Processes which perform XOG operations fail. The BG-CA.log & process logs show the below error. 

    Exception in thread "main" javax.net.ssl.SSLHandshakeException: 
    extension (10) should not be presented in server_hello 
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:128) 
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:117) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:308) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:264) 
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:255) 
    at java.base/sun.security.ssl.SSLExtensions.<init>(SSLExtensions.java:71) 
Environment:
CA PPM Release 15.5.1
Cause:
This is a known Java Bug. For more Information: See JDK Bug System
Resolution:
1. Upgrade your Java to Oracle JDK 11.0.2 from the Java Downloads 
2. Add -Djdk.tls.client.protocols=TLSv1.2 parameter to APP & BG JVM parameters in CSA and  Restart the services.
Additional Information:
Note: 

1. You will encounter this problem only when you generate your SSL certificate using TLSv1.3. 
2. Ensure to get your SSL certificate generated using TLSv1.2 as CA PPM supports only TLSv1.2 with 15.5.1
3. The Resolution point 2 is applicable if you company still want to use certificate generated by TLSv1.3