• Category Archives SSL
  • Dell DRAC Java Console SSL Socket Connection Error

    Issue: Error message “Error when reading from SSL socket connection” when launching Remote console on a Dell DRAC server using the Java Plug-in Type.

    I have always had a love/hate relationship with Java (You got me, it’s actually just hate, no love). There are a lot of Java configurations required for various applications but let’s get on to the actual issue.

    I have a Dell PowerEdge 2950 in my lab with DRAC that I sometimes use for remote console and management, especially if I am working remotely trying to resolve something in my lab. I tried to use the Java Console and got the following error message.

    Error Message:  “Error when reading from SSL socket connection” 

    Some lab details:

    • Server: Dell PowerEdge 2950
    • Bios: 2.7.0
    • RAC version: DRAC 5 v1.65 
    • Java Version 1.8.0_31 (latest installed)
    • OS: Windows 10 Enterprise
    • Browser: Any – tested with IE, Chrome and Firefox

    After some digging, I found that it was using SSLv3, which is disabled by default in Java.

    Resolution:

    1. Open the java.security file located in
      1. C:\Program Files\Java\%java_version%\lib\security
        1. Note: %java_version% is the version of Java installed on your machine. For example, if you have installed JRE 1.8 Update 31, the path is “C:\Program Files\Java\jre1.8.0_31\lib\security”.
    2. Comment out the following line by adding a # at the start of it
      1. “jdk.tls.disabledAlgorithms=SSLv3”

    Voila!! Issue resolved. I can now launch the remote console using the Java Plugin.

    I could have switched to Native and used the ActiveX plug-in type, but I also don’t always use Internet Explorer, and broken things and work-arounds bother me…

    Thanks for listening, and let me know if this does not work for you.

    See you on the flip side!!
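
The java.security file edited in the resolution above is read by every application that runs on that JRE, so the change is not limited to the DRAC console. The following is an added example, not part of the original post: a small Python check that reads the text of a java.security file and reports whether SSLv3 is still listed in jdk.tls.disabledAlgorithms. The function names and the sample file contents are constructed for illustration.

```python
import re

PROP = "jdk.tls.disabledAlgorithms"  # property name as given in the post

def load_properties(text):
    """Minimal java.util.Properties-style parse: '#'/'!' comments,
    key=value pairs, and backslash line continuations."""
    props, pending = {}, None
    for raw in text.splitlines():
        line = raw.lstrip()
        if pending is None and (not line or line[0] in "#!"):
            continue  # blank or comment line (a commented-out property lands here)
        trailing = len(line) - len(line.rstrip("\\"))
        if trailing % 2 == 1:  # odd number of trailing backslashes: line continues
            pending = (pending or "") + line[:-1]
            continue
        logical, pending = (pending or "") + line, None
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", logical)
        if m:
            props[m.group(1)] = m.group(2).strip()  # a later duplicate wins
    return props

def sslv3_status(text):
    """Report what the file says about SSLv3, not what the JVM negotiates."""
    props = load_properties(text)
    if PROP not in props:
        return "not disabled: property not set"
    entries = [e.strip() for e in props[PROP].split(",")]
    # Exact spelling from the post; any other spelling is reported for review.
    return "disabled" if "SSLv3" in entries else "not disabled: SSLv3 not listed"

# Constructed sample file contents (not copied from a real JRE).
SAMPLES = {
    "default": "# constructed sample\njdk.tls.disabledAlgorithms=SSLv3\n",
    "workaround": "# constructed sample\n#jdk.tls.disabledAlgorithms=SSLv3\n",
    "continued": "jdk.tls.disabledAlgorithms=RC4, \\\n    SSLv3\n",
    "removed": "jdk.tls.disabledAlgorithms=RC4\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:10} -> {sslv3_status(text)}")
```

To check a real installation, pass the contents of the java.security file from the path in step 1 to sslv3_status().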


  • SHA2 Certificates and Citrix Receiver Support

    Please be advised of an SSL certificate issue when updating or purchasing new SSL certificates for your Citrix implementations. You will want to ensure that you purchase a SHA1 certificate and not a SHA2 certificate; vendors are currently selling SHA2 for certificates set to expire in three (3) years or that expire during or after 2017. You will more than likely have to call your vendor and have them reissue a SHA1 certificate that expires at the end of 2016 to ensure that you are functional until Citrix updates its Citrix Receivers to support SHA2 across all products.

    Microsoft has announced a new policy for Certificate Authorities (CAs) that deprecates the use of the SHA1 algorithm in SSL and code signing certificates, in favor of SHA2. The policy affects CAs that are members of the Windows Root Certificate Program and issue publicly trusted certificates. It will allow CAs to continue to issue SHA1 SSL and code signing certificates until January 1, 2016, and thereafter issue SHA2 certificates only.

    The following Citrix Receiver models do not support SHA2 as of 2/25/2014. This mostly affects the mobile receivers.

    • Linux 13.0
    • iOS 5.8.3
    • Android 3.4.13
    • HTML 5 1.2
    • Playbook 1.0
    • BlackBerry 2.2 / BlackBerry 1.0 Tech Preview

    The following Citrix Receiver models do support SHA2 as of 2/25/2014:

    • Windows 4.1 (std)
    • Windows 3.4 (ent)
    • Windows 8/RT (1.4)
    • Windows Phone 8 (1.1)
    • Mac 11.8.2 

    Please see the Citrix Receiver Feature Matrix for an updated list

    For more information on the deprecation of SHA1 from Microsoft, please visit the following link from Microsoft.

    You can check the algorithm of a certificate by opening the certificate and looking at the Details tab.