Most of you have encountered following issue while establishing SSL session with Back-end servers using Data Power.
3:43:38 PM ssl error 23577521 0x8120001a sslproxy (): Server negotiated an unknown SSL protocol version
Here is the RCA and Solution to fix this issue.
RCA (Root Cause Analysis)
The Crypto profiles object on Data Power starting from Firmware v 6 have TLS v1.2 and 1.1 which will be enabled by default. This affects the protocol version included in the Client Hello when Data Power is acting as the SSL client. If TLS v1.2 is not supported, the server still negotiates to the most secure supported protocol (e.g. TLS v1.1, TLS v1.0, SSL v3) if enabled.
Some legacy servers with non-compliant implementations of SSL may reject connection attempts when TLS v1.2 or TLS v1.1 are used. In these cases, the handshake fails without properly negotiating to a mutually agreeable protocol.
Solution
You can try either one of the following options to fix this issue.
- Upgrade the legacy SSL servers to use highest security protocol version available. E.q. TLS v1.2
- If Option # 1 is not possible then you will need to just ENABLE only the SSL/TLS version that server supports and disable rest in Crypto profile object.
