000017503 - Brocade Encryption Switch fails to connect to RSA DPM appliance after upgrade

Document created by RSA Customer Support Employee on Jun 14, 2016. Last modified by RSA Customer Support Employee on Apr 21, 2017.
Version 2

Article Content

Article Number: 000017503
Applies To:
Brocade switch running Fiber OS (FOS) version 7.1.x and up
Brocade ADX Load Balancers
RSA Data Protection Manager Appliance 3.2.4.2
RSA Data Protection Manager Appliance 3.5.x
Issue: Brocade Encryption Switch fails to connect to DPM appliance after upgrade.
A Brocade switch going through a Brocade ADX load balancer fails to connect to DPM.
The Brocade switch ends the TLS communication with an "Illegal Parameter" alert during the SSL handshake:
 
Secure Sockets Layer
  TLSv1 Record Layer: Alert (Level: Fatal, Description: Illegal Parameter)
    Content Type: Alert (21)
    Version: TLS 1.0 (0x0301)
    Length: 2
    Alert Message
      Level: Fatal (2)
      Description: Illegal Parameter (47)

 
Resolution: There is a known issue with the TLS library used by the Brocade switch where it will fail during the TLS handshake if the server supports secure renegotiation. To work around this issue, TLS renegotiation must be turned off on the DPM appliance until Brocade provides a fix.
Run the following three (3) commands in the order shown, on the DPM appliance:
 
sed -i.`date +%Y%m%d` 's/^SSLSessionCache .*/SSLSessionCache none/;s/^SSLSessionCacheTimeout.*/SSLSessionCacheTimeout 0/' /etc/httpd/conf.d/ssl.conf
service httpd stop
service httpd start
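
The sed expressions above only rewrite directives that start in column 0 with the exact spelling shown, so an indented or differently cased line is left unchanged without any error. The following check is an added example, not RSA or Brocade tooling: `active_values`, `apply_workaround` and `check_ssl_conf` are hypothetical helper names, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: confirm the article's sed edit actually took effect.

# Print the active (uncommented) value(s) of an httpd directive.
# Leading whitespace is ignored and the name is matched case-insensitively,
# as httpd does.
active_values() {  # $1 = directive name, $2 = config file
    awk -v d="$1" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        line ~ /^#/ { next }
        { n = split(line, f, /[ \t]+/) }
        n >= 2 && tolower(f[1]) == tolower(d) { print f[2] }
    ' "$2" | sort -u
}

# Same sed expressions as the article, with the file path as a parameter
# so the edit can be rehearsed on a copy of ssl.conf first.
apply_workaround() {  # $1 = config file
    sed -i."$(date +%Y%m%d)" \
        's/^SSLSessionCache .*/SSLSessionCache none/;s/^SSLSessionCacheTimeout.*/SSLSessionCacheTimeout 0/' "$1"
}

# Return 0 only if both directives are active with the workaround values.
check_ssl_conf() {  # $1 = config file
    rc=0
    cache=$(active_values SSLSessionCache "$1")
    cache_timeout=$(active_values SSLSessionCacheTimeout "$1")
    if [ "$cache" != "none" ]; then
        echo "SSLSessionCache: expected 'none', found '${cache:-<not set>}'" >&2
        rc=1
    fi
    if [ "$cache_timeout" != "0" ]; then
        echo "SSLSessionCacheTimeout: expected '0', found '${cache_timeout:-<not set>}'" >&2
        rc=1
    fi
    return $rc
}

# Demo on a constructed config fragment (not taken from a real appliance).
demo_dir=$(mktemp -d)
cat > "$demo_dir/ssl.conf" <<'EOF'
# constructed sample
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
EOF
check_ssl_conf "$demo_dir/ssl.conf" || echo "before: workaround not applied"
apply_workaround "$demo_dir/ssl.conf"
check_ssl_conf "$demo_dir/ssl.conf" && echo "after: workaround in place"
rm -rf "$demo_dir"
```

The check reads the file only; httpd still has to be stopped and started as shown above before the running server uses the new values.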

 
Legacy Article ID: a66523
