How can I resolve an error stating, 'Received fatal alert: handshake_failure'?

Answer

Planview Hub version 18.3+ and Tasktop Sync version 4.15+ include an update to a newer bundled Java Runtime Environment which could cause errors when attempting to establish connections with IBM Engineering Requirements Management DOORS Next versions 6.0.0 or older and  IBM Engineering Workflow Management versions 6.0.0 or older..

If an error message is displayed which contains the following text 'Received fatal alert: handshake_failure', this is likely caused by incompatible cipher suites between the newer JRE version and the repository.

This can be resolved securely by making a configuration change to the IBM server, or via a less secure workaround that involves explicitly removing a disabled cipher from the java security files included in the JRE bundled with Hub.

To resolve securely on the server hosting the IBM repository:

1. Ensure the webservice is stopped, and update the web application server to use only modern, secure ciphers. An example list of ciphers, as well as suggested configuration help for both Tomcat and WebSphere Application Server, can be found here: http://www-01.ibm.com/support/docview.wss?uid=swg21959325
2. Ensure the JCE Unlimited Strength Jurisdiction Policy Files are installed in the web service Java Runtime Environment libraries. They can be obtained here: https://www.ibm.com/marketing/iwm/iwm/web/reg/pick.do?source=jcesdk&lang=en_US
3. If these steps do not resolve the issue, it may also be necessary to update the IBM webservices to their latest corresponding iFix version.

To resolve on the Hub client via a workaround (warning: this approach is less secure, as it involves continued use of the '3DES' cipher suites):

• Ensure Hub is stopped
• In the Hub installation directory, edit \jre\lib\security\java.security
• Remove the '3DES_EDE_CBC' value from jdk.tls.disabledAlgorithms and save the change