A workaround for TLSv1 error after java update
With the latest java update, some instances of Lawson are throwing exceptions. The portal is throwing a 404 error, and SSOCfgInfoServlet throws a 500 error.
In this scenario, the security_authen.log is throwing an exception “Failed to initialize authentication layer.” The lase_server_0_0.log has a much more detailed error message referring to “Client requested protocol TLSv1 is not enabled or supported in server context”.
To resolve the issue, edit the java.security file at JAVA_HOME/jre/lib/security. Update the jdk.tls.disabledAlgorithms line to include TLSv2.
This is a temporary solution; Infor is working on a permanent solution to resolve this issue.
security_authen.log
Thu Aug 12 10:02:49.303 CDT 2021 – default-421637524 – L(4) : tenantID=DEFAULT thread=main. CacheManager.setRefreshInterval(): RefreshInterval =null is invalid.
Thu Aug 12 10:02:49.309 CDT 2021 – default-421637524 – L(4) : tenantID=DEFAULT thread=main. CacheManager.setRefreshInterval(): RefreshInterval =28800 seconds
Thu Aug 12 10:02:49.309 CDT 2021 – default-421637524 – L(4) : tenantID=DEFAULT thread=main. CacheManager.getCacheProperties: cache properties were initialized: Development=false, Instance=com.lawson.security.util.cache.ConcurrentCache, RefreshInterval=28800,
Thu Aug 12 10:05:55.179 CDT 2021 – default–932566529 – L(2) : error starting up SecEvent servlet, original message: Failed to initialize authentication layer. Cause Connection error (server.company.com, null). Cause: {2}.
Stack Trace :
com.lawson.security.authen.SecurityAuthenException: Connection error (server.company.com, null). Cause: {2}.
at com.lawson.security.authen.LawsonAuthentication.initClientAuthenDatThroughSSL(LawsonAuthentication.java:449)
at com.lawson.security.authen.LawsonAuthentication.initClientAuthenDat(LawsonAuthentication.java:307)
at com.lawson.security.authen.LawsonAuthentication.remoteInit(LawsonAuthentication.java:2593)
at com.lawson.security.authen.LawsonAuthentication.initializeForTenant(LawsonAuthentication.java:244)
at com.lawson.security.authen.LawsonAuthentication.performInitializeForTenant(LawsonAuthentication.java:181)
at com.lawson.security.authen.LawsonAuthentication.initializeForTenant(LawsonAuthentication.java:127)
at com.lawson.security.authen.LawsonAuthentication.initialize(LawsonAuthentication.java:116)
at com.lawson.security.authen.SecEventServlet.init(SecEventServlet.java:86)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.init(ServletWrapper.java:345)
at com.ibm.ws.webcontainer.servlet.ServletWrapperImpl.init(ServletWrapperImpl.java:168)
at com.ibm.ws.webcontainer.servlet.ServletWrapper.loadOnStartupCheck(ServletWrapper.java:1369)
at com.ibm.ws.webcontainer.webapp.WebApp.doLoadOnStartupActions(WebApp.java:649)
Lase_server_0_0.log
21-08-12 10:10:46:682 12 default.SEVERE authen.SSOServer.run(): SSOServer: Got unexpected exception when processing new secured connection com.lawson.security.server.LawsonNetException: Got exception while writing to connection /11.111.111.11,10001
Stack Trace : com.lawson.security.server.LawsonNetException: Got exception while writing to connection /11.111.111.11,10001
at com.lawson.security.server.AbstractDefaultEventSource.write(AbstractDefaultEventSource.java:299)
at com.lawson.security.server.Connection.<init>(Connection.java:170)
at com.lawson.lawsec.authen.SecuredConnection.<init>(SecuredConnection.java:39)
at com.lawson.lawsec.authen.SSOServer.run(SSOServer.java:180)
Caused by: javax.net.ssl.SSLHandshakeException: Client requested protocol TLSv1 is not enabled or supported in server context
at sun.security.ssl.Alert.createSSLException(Alert.java:131)
at sun.security.ssl.Alert.createSSLException(Alert.java:117)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:357)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:313)
at sun.security.ssl.TransportContext.fatal(TransportContext.java:304)
at sun.security.ssl.ClientHello$ClientHelloConsumer.negotiateProtocol(ClientHello.java:740)
at sun.security.ssl.ClientHello$ClientHelloConsumer.onClientHello(ClientHello.java:705)
at sun.security.ssl.ClientHello$ClientHelloConsumer.consume(ClientHello.java:683)
Update JAVA_HOME/jre/lib/security/java.security
