Wednesday, April 1, 2015

"Network Error (Connection hangup) on Back interface" - Solution

In DataPower firmware version 7, most SSL proxy profile objects are affected by the error in the title. You see the Connection Hangup error even though all the certificates validate.
The main reasons for this error are:

  • The Crypto Profile object in DataPower has a series of OpenSSL options that modify the behavior of the SSL handshake.
  • From version 7, DataPower supports the TLS v1.1 and v1.2 protocols. As we all know, SSL is being replaced by TLS because of its higher security, but most servers still use a combination of SSL v3.0 and TLS 1.0 for SSL negotiation.
  • There are explicit options on the Crypto Profile object to disable TLS v1.1 and v1.2. If these options are not checked, the SSL handshake uses the highest-security protocol, TLS 1.1 or TLS 1.2, by default and cannot complete because the server was expecting SSL v3 and TLS 1.0.


Solution: Check the Disable TLS v1.1 and Disable TLS v1.2 options on the Crypto Profile. By default, both protocol versions are enabled. If the server is configured with TLS v1.1 and v1.2 capability, you will not see this issue at all.
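To confirm that a protocol version mismatch is the cause before changing the Crypto Profile, you can inspect the first bytes each side sent on the back-side connection. The following is an added example, not part of the original post and not IBM code: it reads the version from the ClientHello body (the record-layer version is often lower and is not the offered version) and classifies the server's reply. The function names are hypothetical, the sample bytes are constructed, and it assumes a hangup shows up as no complete TLS record from the server.

```python
import struct

VERSIONS = {0x0300: "SSL v3.0", 0x0301: "TLS v1.0", 0x0302: "TLS v1.1", 0x0303: "TLS v1.2"}
ALERTS = {40: "handshake_failure", 70: "protocol_version"}
HANDSHAKE, ALERT, CLIENT_HELLO, SERVER_HELLO = 22, 21, 1, 2

def first_record(data):
    """Split off the first TLS record: (content_type, payload), or None if truncated."""
    if len(data) < 5:
        return None
    ctype, _record_version, length = struct.unpack("!BHH", data[:5])
    payload = data[5:5 + length]
    return (ctype, payload) if len(payload) == length else None

def hello_version(payload, hs_type):
    """Version field of a ClientHello/ServerHello body (after the 4-byte handshake header)."""
    if len(payload) < 6 or payload[0] != hs_type:
        return None
    return VERSIONS.get(struct.unpack("!H", payload[4:6])[0], "unknown")

def diagnose(client_bytes, server_bytes):
    """Classify one back-side handshake attempt from the raw bytes each side sent."""
    rec = first_record(client_bytes)
    offered = hello_version(rec[1], CLIENT_HELLO) if rec and rec[0] == HANDSHAKE else None
    if offered is None:
        raise ValueError("client bytes do not start with a ClientHello")
    reply = first_record(server_bytes)
    if reply is None:
        return {"offered": offered, "result": "hangup"}  # no complete record came back
    ctype, payload = reply
    if ctype == ALERT and len(payload) >= 2:
        return {"offered": offered, "result": "alert", "alert": ALERTS.get(payload[1], str(payload[1]))}
    if ctype == HANDSHAKE:
        return {"offered": offered, "result": "negotiated", "version": hello_version(payload, SERVER_HELLO)}
    return {"offered": offered, "result": "unexpected"}

def build_hello(hs_type, version, record_version=0x0301):
    """Constructed sample: minimal hello (version, 32-byte random, empty session id, one suite)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"
    body += b"\x00\x02\x00\x2f\x01\x00" if hs_type == CLIENT_HELLO else b"\x00\x2f\x00"
    hs = bytes([hs_type]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", HANDSHAKE, record_version, len(hs)) + hs

TLS12_HELLO = build_hello(CLIENT_HELLO, 0x0303)  # constructed, not a real capture
PROTOCOL_VERSION_ALERT = struct.pack("!BHHBB", ALERT, 0x0301, 2, 2, 70)  # constructed fatal alert

if __name__ == "__main__":
    for reply in (b"", PROTOCOL_VERSION_ALERT, build_hello(SERVER_HELLO, 0x0301)):
        print(diagnose(TLS12_HELLO, reply))
```

A "hangup" or "protocol_version" result for a TLS v1.2 offer, next to a "negotiated" result when the same server is offered TLS v1.0, points at the mismatch described above rather than at a certificate problem.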