Thursday, July 13, 2017

Possible solution for TLS 1.2 issues between Windows 10 and Oracle EPM Weblogic


We have recently seen some users of both Dodeca and Hyperion products where Windows 10 machines have issues connecting to the Weblogic servers shipped with Oracle EPM due to the absence of the TLS 1.2 protocol.  The underlying issue is that Windows 10 is an evolution of technology whereas Oracle EPM Weblogic, and more specifically the Java version tested and shipped with it, are stuck in the stone age.  Java 1.6 started its journey to "end of life" in late 2013 and, though it continues to be covered under Extended Support, the EPM team has not delivered an update for their server.  Ironically, there is even a Java 1.6 version, Update 121, that now supports TLS 1.2; EPM is on Update 35.

So, what do you do?  I would be very hesitant to upgrade the Java version delivered with the EPM System.  After all, Oracle spent a lot of time working to certify on that version of Java.  One of our Senior Support Engineers, Jay Zuercher, did find something that appears to work - it hasn't yet been widely tested but may be worth a try.  Here are the steps he followed:

  1. Login to the Weblogic console.
  2. Navigate to Environment->Servers->AnalyticProviderServices0 (or to the server in which you are attempting to connect).
  3. Click on the SSL tab and expand the Advanced section at the bottom.
  4. Enable the “Use JSSE SSL” checkbox.
  5. Save changes.
  6. Navigate to the Server Start tab.
  7. Add the following string to the “Arguments” box:
    1. -Dweblogic.security.SSL.protocolVersion=TLS1
  8. Save changes.
  9. Activate all changes.
  10. Restart the applicable service. 
These steps are furnished with no guarantees, but hopefully you will find them helpful.


4 comments:

Unknown said...

Hi,

Did you have any issues with this workaround?

Thanks

Tim Tow said...

We have no known issues with this approach. One of the things I like about this type of approach is that it is easily reversible.

Tim

Francisco Amores (@akafdmee) said...

Hi Tim,

We have been struggling with similar issue in the last two days. I had in mind that workaround to be tested on Monday :-)

Our issue is FDMEE connecting to Anaplan Cloud which supports TLS 1.1/1.2 only. The FDMEE script is tasing an annoying SSL handshake exception.

Regards

Tim Tow said...

Francisco,

Let me know how it works for you.

Tim