- This topic has 6 replies, 3 voices, and was last updated 9 years, 4 months ago by matt97.
-
AuthorPosts
-
matt97ParticipantNote: The install log is quite extensive and contains company-specific information. If the support personnel would like to view it, I can submit it via email.
Our current development environment consists of multiple Java-EE projects (compiled to 1.5) in a MyEclipse 2014 environment, using WebSphere 8.5 as our application server. My colleague recently upgraded to MyEclipse 2015 and migrated the projects (he had to add some facets and bump the compiled version to 1.6 to get it working). He’s not having any issues in his development environment.
I’ve recently tried to mimic the process he took but I’ve run into a very odd issue (which wasn’t present in my MyEclipse 2014 workspace, and which my colleague didn’t encounter). When I start my WebSphere 8.5 profile outside of MyEclipse 2015, without any projects deployed, it starts fine. However, when I start it within MyEclipse 2015, it also starts correctly, but I get the following stack trace after it’s “open for e-business”:
[7/14/15 12:15:42:365 EDT] 00000045 SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported at com.ibm.jsse2.K.B(K.java:141) at com.ibm.jsse2.SSLEngineImpl.b(SSLEngineImpl.java:106) at com.ibm.jsse2.SSLEngineImpl.c(SSLEngineImpl.java:184) at com.ibm.jsse2.SSLEngineImpl.wrap(SSLEngineImpl.java:582) at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:16) at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:746) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:566) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:295) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881) Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol SSLv3 not enabled or not supported at com.ibm.jsse2.o.a(o.java:9) at com.ibm.jsse2.SSLEngineImpl.a(SSLEngineImpl.java:576) at com.ibm.jsse2.K.a(K.java:448) at com.ibm.jsse2.K.a(K.java:266) at com.ibm.jsse2.M.a(M.java:525) at com.ibm.jsse2.M.a(M.java:198) at com.ibm.jsse2.K.t(K.java:51) at com.ibm.jsse2.K$b.run(K$b.java:3) at java.security.AccessController.doPrivileged(AccessController.java:373) at com.ibm.jsse2.K$c.run(K$c.java:4) at com.ibm.ws.ssl.channel.impl.SSLUtils.handleHandshake(SSLUtils.java:833) ... 12 more [7/15/15 10:34:11:330 EDT] 00000044 SSLHandshakeE E SSLC0008E: Unable to initialize SSL connection. Unauthorized access was denied or security settings have expired. Exception is javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at com.ibm.jsse2.c.a(c.java:3) at com.ibm.jsse2.SSLEngineImpl.a(SSLEngineImpl.java:414) at com.ibm.jsse2.SSLEngineImpl.unwrap(SSLEngineImpl.java:7) at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:24) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.readyInbound(SSLConnectionLink.java:535) at com.ibm.ws.ssl.channel.impl.SSLConnectionLink.ready(SSLConnectionLink.java:295) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.sendToDiscriminators(NewConnectionInitialReadCallback.java:214) at com.ibm.ws.tcp.channel.impl.NewConnectionInitialReadCallback.complete(NewConnectionInitialReadCallback.java:113) at com.ibm.ws.tcp.channel.impl.AioReadCompletionListener.futureCompleted(AioReadCompletionListener.java:175) at com.ibm.io.async.AbstractAsyncFuture.invokeCallback(AbstractAsyncFuture.java:217) at com.ibm.io.async.AsyncChannelFuture.fireCompletionActions(AsyncChannelFuture.java:161) at com.ibm.io.async.AsyncFuture.completed(AsyncFuture.java:138) at com.ibm.io.async.ResultHandler.complete(ResultHandler.java:204) at com.ibm.io.async.ResultHandler.runEventProcessingLoop(ResultHandler.java:775) at com.ibm.io.async.ResultHandler$2.run(ResultHandler.java:905) at com.ibm.ws.util.ThreadPool$Worker.run(ThreadPool.java:1881)
As a result, even though the server is up and running (and I can access it via the console), MyEclipse seems to try updating its own server status but can’t, and therefore it fails after the timeout threshold is reached. It then assumes shows the server as Stopped in the Servers view, even though it’s still running (and still throwing exceptions every 5s or so).
This exact same profile works perfectly in MyEclipse 2014.
I’ve tried the following so far:
– renewing the cert in the trust store
– starting MyEclipse with the -clean option
– removing the profile and re-adding it as ‘localhost’ as opposed to the ‘migrated’ status it had when I first brought it in
– ensuring the WAS paths are pointing to the correct JDK (they are)So far, I’m the only other developer who has attempted this migration, so I don’t have any other people to compare with.
Any suggestions?
MattEDIT: I recall that in previous versions, prior to deploying a project to WAS 8.5 in MyEclipse 2014 and earlier, an SSL certificate warning would appear, indicating that we needed to restart the workspace/server in order to resolve it. I haven’t seen that message in 2015 yet… that might be related.
- This topic was modified 9 years, 5 months ago by matt97.
support-swapnaModeratormatt97,
Sorry that you are seeing this issue.
Can you please these suggestions ?
1. Open the Server Overview page by double clicking on the Websphere server in the Servers view. In the Security section, if the ‘Administrator security is enabled on the server’ is not checked, then check it , restart the server and check if the issue persists.
2. If the above does not fix the issue, check the ‘SOAP’ protocol instead of ‘IPC’ in the Advanced server settings section of the Overview page, restart the server and check if it fixes the issue.
3. If the above two suggestions do not work, then set the JVM argument :
Click on ‘Open the launch configuration’ link, switch to the ‘Arguments’ tab and add this entry :
-Dcom.ibm.jsse2.disableSSLv3=false in the VM arguments section.
Restart the server and check if it fixes the issue.Let us know how it works for you.
–Swapna
MyEclipse Support
matt97ParticipantHi Swapna,
Thanks for the reply.
1. I already have Administrator security and I’ve confirmed that it’s the correct username and password
2. There is no Advanced server settings available on my overview page. Is this available only for certain types of WAS profiles?
3. I added this but nothing changed.Do you have any other suggestions?
Matt
support-swapnaModeratorMatt,
Sorry that you are still seeing the issue.
The Advanced server settings is added to MyEclipse in our recent release.Can you please share with us the MyEclipse Version and Build Id from Help > About section?
If you are working with MyEclipse 2015 CI stream, then please update to CI 13, which is the latest version in the CI stream. If you are working with MyEclipse 2015 Stable release, then update to MyEclipse 2015 Stable 2.0.
Let us know how it works for you.
–Swapna
MyEclipse Support
matt97ParticipantHi Swapna,
It appears we’re on the Stable 1.0 release (see attachment), which we download from an internal delivery site (our version has some plugins, our license, and other settings pre-installed). Is there an update site to upgrade from this version to Stable 2.0?
Regards,
MattAttachments:
You must be logged in to view attached files.
Brian FernandesModeratorMatt,
I believe you are referring to an internal secure delivery center install from which you get served a customized MyEclipse package?
If your package administrator clicks the “Get Packs” (described in section #4 here: https://www.genuitec.com/products/sdc/learning-center/installation/delivery-center-installation/) this will install the stable 2.0 pack automatically onto your server. The package that you are using then needs to be updated from Stable 1.0 to Stable 2.0, with the update committed and promoted – you should then be able to take this update locally.
If you need more assistance or are using MyEclipse differently, please let us know.
matt97ParticipantI updated my MyEclipse 2015 install to the Stable 2.0 build and switched from IPC to SOAP and that seemed to have solved the problem.
Thanks for your help!
-
AuthorPosts