Troubleshooting
Problem
The resilient-messaging.service failed to start due to wrong cipher settings.
Symptom
The resilient-messaging.log displays the error as:
xx:xx:xx [ActiveMQ Transport: ssl:///127.0.0.1:59492] INFO v=unknown c.c.e.a.ActiveMQAuthorizationPlugin - Creating destination queue://search
xx:xx:xx [ActiveMQ BrokerService[detachedBroker] Task-29368] WARN v=unknown o.a.a.broker.TransportConnector - Could not accept connection from tcp://127.0.0.1:60196: no cipher suites in common (no cipher suites in common)
The "resutil" command also fails,
e.g. when running
sudo resutil neworg -name "test org"
the following error is returned:
Unable to connect to Resilient Messaging service.
Cause
The cipher settings are old, which can happen when the environment was upgraded from an old OVA a long time ago, such as from a pre-37 version.
e.g. /usr/share/co3/conf/co3.properties contains:
co3DbUser=mondbo
co3DbHost=localhost
co3DbPort=5432
co3DbName=co3
resDbMode=PRIMARY
resCiphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
resSslEnabledProtocols=TLSv1.1,TLSv1.2
resDrMode=NONE
soarStanza=ibm-security-soar
QRadar SOAR supports TLS 1.2 only from V37.
Environment
Any
Diagnosing The Problem
Client.log shows the error as
thread #642 - ProducerTemplate] INFO [] c.i.r.e.SendEmailConnectionDetailsRoute - Sent Inbound Email Connection details to camel endpoint: activemq:queue:email-service.create-connection
14:49:22.641 [RMI TCP Accept-0] WARN [] sun.rmi.transport.tcp - RMI TCP Accept-0: accept loop for ServerSocket[addr=0.0.0.0/0.0.0.0,localport=43323] throws
java.net.SocketTimeoutException: Accept timed out
at java.base/java.net.PlainSocketImpl.socketAccept(Native Method)
at java.base/java.net.AbstractPlainSocketImpl.accept(AbstractPlainSocketImpl.java:474)
at java.base/java.net.ServerSocket.implAccept(ServerSocket.java:565)
at java.base/java.net.ServerSocket.accept(ServerSocket.java:533)
at jdk.management.agent/sun.management.jmxremote.LocalRMIServerSocketFactory$1.accept(LocalRMIServerSocketFactory.java:52)
at java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.executeAcceptLoop(TCPTransport.java:394)
at java.rmi/sun.rmi.transport.tcp.TCPTransport$AcceptLoop.run(TCPTransport.java:366)
at java.base/java.lang.Thread.run(Thread.java:839)
The resilient-messaging.log shows the error as
ActiveMQ Transport: ssl:///127.0.0.1:59492] INFO v=unknown c.c.e.a.ActiveMQAuthorizationPlugin - Creating destination queue://search
[ActiveMQ BrokerService[detachedBroker] Task-29368] WARN v=unknown o.a.a.broker.TransportConnector - Could not accept connection from tcp://127.0.0.1:60196: no cipher suites in common (no cipher suites in common)
Check the cipher settings in the co3.properties file to see whether any unsupported, insecure cipher settings are listed there.
sudo cat /usr/share/co3/conf/co3.properties
Resolving The Problem
Delete the properties in co3.properties that are no longer supported.
e.g.
vi /usr/share/co3/conf/co3.properties
Delete the following lines:
resCiphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
resSslEnabledProtocols=TLSv1.1,TLSv1.2
Restart the services as follows:
sudo systemctl stop resilient-messaging.service
sudo systemctl stop resilient-email.service
sudo systemctl stop resilient-scripting.service
sudo systemctl stop resilient.service
sudo systemctl start resilient-messaging.service
sudo systemctl start resilient-email.service
sudo systemctl start resilient-scripting.service
sudo systemctl start resilient.service
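The check and delete steps above can be scripted so that a backup of co3.properties is kept before the lines are removed; run it before the restart sequence. This is an added example, not IBM code: the property names come from this technote, while the function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not IBM code). Property names are from the technote;
# function names are hypothetical.
set -u
LEGACY_RE='^[[:space:]]*(resCiphers|resSslEnabledProtocols)[[:space:]]*='

# Print "lineno:line" for each legacy TLS override; status 1 when none exist.
find_legacy_tls_props() {
    grep -nE "$LEGACY_RE" "$1"
}

# List configured suites that use static RSA key exchange or CBC mode.
list_weak_suites() {
    grep -E '^[[:space:]]*resCiphers[[:space:]]*=' "$1" | cut -d= -f2- \
        | tr ',' '\n' | sed 's/[[:space:]]//g' | grep -E '^TLS_RSA_|_CBC_' || true
}

# Keep a timestamped backup, then rewrite the file without the override lines.
# Writing through ">" keeps the original owner and mode. Prints the backup path.
strip_legacy_tls_props() {
    local file="$1" backup
    backup="$file.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$file" "$backup" || return 1
    grep -vE "$LEGACY_RE" "$backup" > "$file" || [ $? -eq 1 ] || return 1
    echo "$backup"
}

# Constructed sample that mirrors the co3.properties excerpt on this page.
make_sample() {
    local f
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
co3DbHost=localhost
co3DbPort=5432
resCiphers=TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA
resSslEnabledProtocols=TLSv1.1,TLSv1.2
resDrMode=NONE
EOF
    echo "$f"
}

# With no argument the script runs against the constructed sample.
target="${1:-$(make_sample)}"
if find_legacy_tls_props "$target"; then
    echo "static-RSA/CBC suites:"; list_weak_suites "$target"
    echo "backup: $(strip_legacy_tls_props "$target")"
else
    echo "no legacy TLS overrides in $target"
fi
```

On the appliance, pass /usr/share/co3/conf/co3.properties as the argument under sudo, then restart the services in the order listed above.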
Document Location
Worldwide
Document Information
Modified date:
09 March 2024
UID
ibm17129892