IBM Support

The resilient-messaging.service failed to start due to wrong cipher settings.

Troubleshooting


Problem

The resilient-messaging.service failed to start due to wrong cipher settings.

Symptom

The resilient-messaging.log display the error as:
xx:xx:xx [ActiveMQ Transport: ssl:///127.0.0.1:59492] INFO  v=unknown  c.c.e.a.ActiveMQAuthorizationPlugin - Creating destination queue://search
xx:xx:xx [ActiveMQ BrokerService[detachedBroker] Task-29368] WARN  v=unknown  o.a.a.broker.TransportConnector - Could not accept connection from tcp://127.0.0.1:60196: no cipher suites in common (no cipher suites in common)
Failed to use "resutil" command,
e.g. When run 
sudo resutil neworg -name "test org"
Get the following error:
Unable to connect to Resilient Messaging service.

Cause

The cipher settings are old, which could due the env was upgraded from the old ova a long time ago, such as from per-37.
e.g in /usr/share/co3/conf/co3.properties, it shows as 
co3DbUser=mondbo

co3DbHost=localhost

co3DbPort=5432

co3DbName=co3

resDbMode=PRIMARY

resCiphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

resSslEnabledProtocols=TLSv1.1,TLSv1.2


resDrMode=NONE

soarStanza=ibm-security-soar
Qradar SOAR supports TLS 1.2 only from V37.

Environment

Any

Diagnosing The Problem

Client.log shows the error as 
thread #642 - ProducerTemplate] INFO  [] c.i.r.e.SendEmailConnectionDetailsRoute - Sent Inbound Email Connection details to camel endpoint: activemq:queue:email-service.create-connection
14:49:22.641 [RMI TCP Accept-0] WARN  [] sun.rmi.transport.tcp - RMI TCP Accept-0: accept loop for ServerSocket[addr=0.0.0.0/0.0.0.0,localport=43323] throws
java.net.SocketTimeoutException: Accept timed out
	at java.base/java.net.PlainSocketImpl.socketAccept(Native Method)
	at java.base/java.net.AbstractPlainSocketImpl.accept(AbstractPlainSocketImpl.java:474)
	at java.base/java.net.ServerSocket.implAccept(ServerSocket.java:565)
	at java.base/java.net.ServerSocket.accept(ServerSocket.java:533)
	at jdk.management.agent/sun.management.jmxremote.LocalRMIServerSocketFactory$1.accept(LocalRMIServerSocketFactory.java:52)
	at java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:394)
	at java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:366)
	at java.base/java.lang.Thread.run(Thread.java:839)
The resilient-messaging.log shows the error as
ActiveMQ Transport: ssl:///127.0.0.1:59492] INFO  v=unknown  c.c.e.a.ActiveMQAuthorizationPlugin - Creating destination queue://search
[ActiveMQ BrokerService[detachedBroker] Task-29368] WARN  v=unknown  o.a.a.broker.TransportConnector - Could not accept connection from tcp://127.0.0.1:60196: no cipher suites in common (no cipher suites in common)
Checking the cipher setting in co3.properties file, to see any unsupported insecure cipher settings listed there.
sudo cat /usr/share/co3/conf/co3.properties

Resolving The Problem

Delete some of properties in the co3.properties that no longer supported.
e.g.
vi /usr/share/co3/conf/co3.properties
delete the lines of
resCiphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
resSslEnabledProtocols=TLSv1.1,TLSv1.2
Restart the service as the following:
sudo systemctl stop resilient-messaging.service
sudo systemctl stop resilient-email.service
sudo systemctl stop resilient-scripting.service
sudo systemctl stop resilient.service

sudo systemctl start resilient-messaging.service
sudo systemctl start resilient-email.service
sudo systemctl start resilient-scripting.service
sudo systemctl start resilient.service

Related Information

Changing ciphers

Document Location

Worldwide

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSA230","label":"IBM Security QRadar SOAR"},"ARM Category":[{"code":"a8m0z000000cw4bAAA","label":"Resilient Core"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"},{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEGM63","label":"IBM Security QRadar SOAR on Cloud"},"ARM Category":[{"code":"a8m0z000000cw4bAAA","label":"Resilient Core"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
09 March 2024

UID

ibm17129892

Page Feedback