Management GUI wont load, SSLv3 not supported by Java8

Symptom:

Management Console/User Interface of the Bluecoat fails to load fully
Exceptions are thrown

Problem:

Java version 8 does not support SSL protocol version 3

Solution:

Java version 8 does not support SSLv3
Bluecoat ProxySG is configured by default to use SSLv2/v3

Solution: force proxysg to use TLSv1

Login via SSH to bluecoat
enter enable mode (“en”), enter enable password
“conf t” to enter configuration mode from the terminal
“management-services” to enter management-services hierarchy of configuration

Your terminal should now display
bluecoat#(config management-services)

“edit HTTPS-console” to enter HTTPS-Console hierarchy of configuration

Your terminal should now display
bluecoat#(config HTTPS-Console)

“view” to see the settings of the https-console
example output:

bluecoat#(config HTTPS-Console)view
Service Name:   HTTPS-Console
Service:        HTTPS-Console
Attributes:     <None>
Keyring: default
SSL Protocol version: sslv2v3
CA Certificate List: <All CA Certificates>
Cipher Suite: rc4-md5 rc4-sha des-cbc3-sha des-cbc-sha exp-rc4-md5 exp-rc2-cbc-md5 exp-des-cbc-sha aes128-sha aes256-sha
Destination IP    Port Range
<All>             8082              Enabled

You are looking for the SSL protocol version. Indicate above as sslv2v3.
Java8 does not support SSLv3 connections

“attribute ssl-versions tlsv1” will force the proxysg to use TLSv1 instead of SSLv3.
“view” again to ensure the change has taken place

Ensure you have whitelisted the webpage in the Java Control Panel

Java Control Panel>Security tab> Exception Site List> Edit Site List…
Add https://x.x.x.y:8082 to the list

reload the site to ensure management UI functionality

 

Comments:

Ensure you have whitelisted the webpage in the Java Control Panel

Java Control Panel>Security tab> Exception Site List> Edit Site List…
Add https://x.x.x.y:8082 to the list

reload the site to ensure management UI functionality

Was this article helpful?

Related Articles

Leave A Comment?

You must be logged in to post a comment.