Tuesday, 28 July 2015

Datapower SSL Issue with SNI Not Supported

Continuing my exploration of new things around Datapower and SSL. For one of the integrations, Datapower was acting as an SSL client and the backend was the SSL server. The DP logs showed the error "Connection Hangup on the Back Interface".

Did a packet capture on Datapower and found that:

1. Datapower initiates a "Client Hello" to the backend server.
2. But the Backend sends a "RST : Reset" message back.

As part of the diagnosis, did the following:

1. Enabled all the possible options in the crypto profile (SSL v2, v3, TLS 1.x).
2. Explicitly specified the cipher spec so that it matches the backend, but in vain.

Finally found that on the backend server there was a setting enabled for SNI (Server Name Indication).

This setting is part of the TLS extensions, and it is supported only from Datapower firmware v7.2 onwards.

We turned this setting OFF on the backend and IT WORKED.

Rakesh