January 22nd, 2015 08:00

vWorkspace 7.6. Java Connector and JRE 8 Update 31

Hi,

After updating to JRE 8 Update 31 (which by default disables SSL 3.0), clients cannot connect via Secure-IT anymore.

Disabling SSL 3.0 at the server via registry -> neither the Java Connector nor the Windows Connector connects.

HKey_Local_Machine\System\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server

I use pnsslcli.dll version 8.0.306.1565 (the update to support Windows 8.1 clients).

I also tried to replace the Java client with the newer JAR files from the 8.5 Java Connector, with no success.

I currently advise users to use the Windows Connector or stay with Java 8 Update 25.

Regards

Markus

14 Posts

January 22nd, 2015 10:00

Hi Markus,

OK. As Andrew said, if you're going to disable SSLv3 on the Secure-IT gateway machine, then you'll need the appropriate Connector version: 8.0 build 1565 or 8.5. As for Java - I'd stay away from it and use a platform-specific Connector (Windows, Linux, Mac, iOS, Android) instead.

Java Connector is usually used when nothing else is working or there are issues getting a proper Connector installed on the client machine (like an unsupported OS version).

Ian

14 Posts

January 22nd, 2015 08:00

Hi Markus,

So clients with previous Java builds can still connect through the same SSL gateway?

Ian

January 22nd, 2015 08:00

Hi Markus,

If I can separate out the two questions.

It looks like you say, if you disable SSL3 on your SSL Gateway, the Windows Connectors cannot connect anymore.

You then mention pnsslcli.dll - 8.0.306.1565 IS the version that is meant to work when SSL3 is disabled (it was 1440 that added RDP 8.1 support).

It's not a cumulative patch, so we recommend installing the latest optional hotfix that you require and then installing the 1565 patch.

For example, if this was a fresh install of 1565 on a Windows 8.1 box, it would fail to connect - not because of SSL3 being disabled but because RDP 8.1 is not supported :(

In that case, you'd want to uninstall 1565, install 1440 (or the latest optional hotfix 1530) and then reinstall 1565.

This would give you RDP 8.1 support AND allow you to connect with SSL 3.0 disabled.

Easier than all of that is to install the 8.5 Connector :D

Thanks, Andrew.

34 Posts

January 22nd, 2015 09:00

Hi Ian,

Yes.

There is a workaround for JRE 8 Update 31: enable the hidden setting sslv3 in the file C:\Program Files (x86)\Java\jre1.8.0_31\lib\security\Java.security (jdk.tls.disabledAlgorithms=SSLv3)

From the Java log lines with SSLv3 disabled:

-----

2094 [javawsApplicationMain] INFO net.propero.rdp.ISO  - SSL gateway certificate checking. Host: xxxxxx.com:443
2094 [javawsApplicationMain] INFO com.provisionnetworks.common.SSLUtil  - Get SSL certificates from host
2094 [javawsApplicationMain] INFO com.provisionnetworks.common.SSLUtil  - Enable TLS protocol
2359 [javawsApplicationMain] WARN com.provisionnetworks.common.SSLUtil  - Server chose SSLv3, but that protocol version is not enabled or not supported by the client.
javax.net.ssl.SSLHandshakeException: Server chose SSLv3, but that protocol version is not enabled or not supported by the client.

If I, however, disable SSLv3 at the server, the connection gets "stuck" for both the Windows and Java Connector.

Regards

Markus
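
An added example, not part of the original thread: the workaround above re-enables SSLv3 on the client by taking it out of `jdk.tls.disabledAlgorithms`, so an administrator may want to find JREs where that has been done. The Python below parses the text of a `java.security` file (comments, `key=value` pairs, backslash continuations) and reports whether SSLv3 is still listed; the function names and the three sample file contents are constructed for illustration.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"

def load_properties(text):
    """Parse Java .properties syntax into a dict of logical key/value pairs."""
    props, pending = {}, ""
    for raw in text.splitlines() + [""]:      # trailing "" flushes a dangling continuation
        line = raw.lstrip()
        # Comment and blank lines only count outside a continued value.
        if not pending and (not line or line[0] in "#!"):
            continue
        # An odd number of trailing backslashes continues the logical line.
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:
            pending += line[:-1]
            continue
        logical, pending = pending + line, ""
        m = re.match(r"([^=:\s]+)\s*[=:\s]\s*(.*)", logical)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def sslv3_disabled(text):
    """True if SSLv3 appears as an entry of jdk.tls.disabledAlgorithms."""
    value = load_properties(text).get(PROP, "")
    # Entries are comma-separated; an entry may carry a constraint
    # ("DH keySize < 768"), so only its first token is the algorithm name.
    names = [e.split()[0] for e in value.split(",") if e.strip()]
    # Exact spelling as quoted in the thread; a differently cased entry is
    # reported as not disabled so that it gets a manual look.
    return "SSLv3" in names

def audit(files):
    """Return the names of files in which SSLv3 is NOT disabled."""
    return [name for name, text in files.items() if not sslv3_disabled(text)]

# Constructed sample contents (not copied from a real installation).
DEFAULT = "# TLS settings\njdk.tls.disabledAlgorithms=SSLv3\n"
WORKAROUND = "# TLS settings\n#jdk.tls.disabledAlgorithms=SSLv3\n"
CONTINUED = "jdk.tls.disabledAlgorithms=RC4, \\\n    SSLv3, DH keySize < 768\n"

if __name__ == "__main__":
    samples = {"default": DEFAULT, "workaround": WORKAROUND, "continued": CONTINUED}
    for name in audit(samples):
        print(f"{name}: SSLv3 is not disabled for TLS clients")
```

To use it on real machines, read each JRE's `lib\security\java.security` and pass the contents to `sslv3_disabled`; a properties file supplied through a JVM option is outside what this check sees.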

34 Posts

January 22nd, 2015 09:00

Hi Andrew,

I will look into the v8.5 and HTML5 :) and in the meantime advise users to stay with Java 8 u 25.

It seems my SSL Gateway is misconfigured or missing updates, because it is not working after disabling SSLv3.

Regards

Markus
