Cannot accelerate internal Web Server with Access Gateway due to SSL handshake failures

This document (7014421) is provided subject to the disclaimer at the end of this document.

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2 Support Pack 2 applied
NetIQ Access Manager 3.2 Access Gateway Appliance

Situation

A NAM 3.2.2 Access Gateway is accelerating a secure Web server. When users hit this Web server, they get 504 gateway timeout errors instead of the actual back end application pages. Looking at traces, one can see that the Access Gateway attempts an SSL negotiation with an internal resource using SSL v2. Since the internal resource will not allow negotiation for SSL v2, the SSL handshake aborts and the users receive the error. Is there a way to prevent Access Manager from trying to use SSL v2?

Resolution

Add the following advanced options to the Access Gateway configuration to disable SSL v2:

SSLProtocol All -SSLv2
SSLProxyProtocol All -SSLv2

mod_ssl defines the SSL parameters (http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslprotocol) that we need. Since the Access Gateway is talking to the back end Web server, the directive that actually needs to be set is SSLProxyProtocol. The SSLProtocol directive defines the SSL parameters for communication between the browser and the Access Gateway.
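The effect of the two directives can be checked offline before applying them. This is an added example, not NetIQ or Apache code: it models the left-to-right token rules and the "All" default described in the Apache 2.2 mod_ssl documentation linked above, and the function names and the sample input are constructed for illustration.

```python
# What "All" expands to in the Apache 2.2 mod_ssl documentation (assumption:
# an OpenSSL build without TLSv1.1/TLSv1.2, as in the base 2.2 description).
ALL_22 = {"SSLv2", "SSLv3", "TLSv1"}

def effective_protocols(value):
    """Apply the tokens of an SSLProtocol/SSLProxyProtocol value left to right."""
    if not value.split():
        raise ValueError("directive has no arguments")
    enabled = set()
    for token in value.split():
        action = token[0] if token[0] in "+-" else ""
        name = token.lstrip("+-").lower()
        if name == "all":
            selected = set(ALL_22)
        else:
            selected = {p for p in ALL_22 if p.lower() == name}
            if not selected:
                raise ValueError("unknown protocol: " + token)
        if action == "-":
            enabled -= selected
        elif action == "+":
            enabled |= selected
        else:
            enabled = selected  # a bare token replaces whatever was set before
    return enabled

def audit(options_text):
    """Return the protocols left enabled on each leg of the proxy.

    sslprotocol      = browser <-> Access Gateway
    sslproxyprotocol = Access Gateway <-> back end Web server
    A directive that is absent keeps the documented default, "All".
    """
    result = {"sslprotocol": set(ALL_22), "sslproxyprotocol": set(ALL_22)}
    for line in options_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if parts[0].lower() in result:
            result[parts[0].lower()] = effective_protocols(parts[1] if len(parts) > 1 else "")
    return {name: sorted(protos) for name, protos in result.items()}

# Constructed sample: only the browser-facing directive has been set.
SAMPLE = "SSLProtocol All -SSLv2\n"

if __name__ == "__main__":
    for directive, protos in audit(SAMPLE).items():
        print(directive, protos, "SSLv2 still offered" if "SSLv2" in protos else "ok")
```

With the constructed sample, the back end leg still lists SSLv2, which is the case the Resolution addresses by setting SSLProxyProtocol as well.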

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID: 7014421
  • Creation Date: 16-JAN-14
  • Modified Date: 16-JAN-14
    • NetIQ Access Manager (NAM)
