Many SSL errors in OHS and opmn log files

Hello,

I have performed all required actions in following notes :
2555355.1 : Prerequisite Steps to Configure Oracle Fusion Middleware 11.1.1.9 Components for Oracle E-Business Suite Release 12.2 Before Applying July 2019 or Later FMW OSS Security Patch
1367293.1 : Enabling TLS in Oracle E-Business Suite Release 12.2

in order to set up TLS in my environment and to have valid wallets everywhere.

My application is starting and working fine, however, both following files are full of SSL errors :
$FMW_HOME/webtier/instances/EBS_web_OHS1/diagnostics/logs/OHS/EBS_web/EBS_web.log
[OHS] [ERROR:32] [] [core.c] ... NZ Library Error: Unknown error
[OHS] [ERROR:32] [] [core.c] ... nzos handshake error, nzos_Handshake returned 29019

$FMW_HOME/webtier/instances/EBS_web_OHS1/diagnostics/logs/OPMN/opmn/opmn.log
[ERROR:1] [] [ons-secure] ... SSL handshake failed (28860)
[ERROR:1] [] [ons-secure] ...SSL handshake failed (29019)

Is that a normal behavior or is there any file / wallet which is misconfigured ?

Kind regards

SSL 29019 is probably due to protocol mismatch.. For instance a client is trying to connect using an SSL/TLS protocol version that the OHS server is not configured to support.
Cipher Suite Mismatch can also trigger these errors.

We see 29019 and 28860 errors concurrently, they reinforce the conclusion that the server's SSL/TLS configuration is incompatible with the connecting client.

For instance; if your ssl.conf is configured like the following;

    SSLProtocol -ALL +TLSv1.2

Then it means your environment support TLSv1.2 SSL Protocol only. Clients that don't have that TLV 1.2 capability may cause these errors.

**a tcpdump of such a failed session could give us some details. -> send me a tcpdump output of a falied client (if you know such clients), so I can review and see the low level errors better.

See -> Remote Client Connect Fails with "Uknown Error" and "NZ error 29019" When Only TLSv1.2 SSLProtocol is Configured on Oracle HTTP Server (OHS). (Doc ID 2448671.1)

Hello,

Thank you very much for your quick answer.

I don't know from which clients it is from, maybe some monitoring tools which are not configured properly.
I will check witht he team.

Thanks a lot and have a good day.

Kind regards,