KB Article #178079
Enable SSLv2Hello and/or TLSv1 for SecureTransport's admin interface
Problem
Some older REST API clients might not be able to connect to the ST Admin UI after an upgrade to ST 5.3.3 because TLSv1 and/or SSLv2Hello are disabled by default on the server. One such example is an application running on Java 6.
Resolution
The steps to enable TLSv1 and/or SSLv2Hello are:
1. Navigate to ST Admin UI > Operations > Server Configuration and search for the parameter Admin.EnabledCipherSuites
2. Add the following to the end of the cipher list and save it: TLS_RSA_WITH_AES_256_CBC_SHA
3. Back up and edit the file <FILEDRIVEHOME>/tomcat/admin/conf/server.xml
NOTE: Note the different syntax of the "TLSv1" string below. This is the correct value, so if your file already has it set to "TLSv1" instead of "TLSv1.0", step 4 can be skipped.
4. Under the "Connector" element change the following:
from:
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1.0"
to:
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
5. To enable the SSLv2Hello pseudo protocol:
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1,SSLv2Hello"
6. Restart the admin service for the changes to take effect.
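
A check for steps 3 to 5, added here as an example and not part of the original article or the product: the Python script below parses a server.xml and reports, for each Connector, any sslEnabledProtocols entry that is not a JSSE protocol name (such as "TLSv1.0") and which legacy protocols are enabled. The sample XML, its port number and the function name audit_connectors are constructed for illustration.

```python
import sys
import xml.etree.ElementTree as ET

# Protocol names accepted by Java's JSSE; "TLSv1.0" is not one of them.
JSSE_PROTOCOLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}
# Legacy names, reported so their presence on the admin listener can be reviewed.
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1"}

# Constructed sample input (not a real SecureTransport server.xml).
SAMPLE_BEFORE = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true"
             sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1.0"/>
</Service></Server>"""
# The same file after steps 4 and 5 of the article.
SAMPLE_AFTER = SAMPLE_BEFORE.replace("TLSv1.0", "TLSv1,SSLv2Hello")


def audit_connectors(server_xml_text):
    """Return one finding per <Connector> that sets sslEnabledProtocols."""
    root = ET.fromstring(server_xml_text)
    findings = []
    for conn in root.iter("Connector"):
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            continue  # connector relies on the JVM defaults
        names = [p.strip() for p in raw.split(",") if p.strip()]
        findings.append({
            "port": conn.get("port"),
            "enabled": names,
            # Names are case-sensitive; anything outside the set is flagged.
            "unrecognized": [n for n in names if n not in JSSE_PROTOCOLS],
            "legacy": [n for n in names if n in LEGACY],
        })
    return findings


if __name__ == "__main__":
    # Pass the path to server.xml as the first argument; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            inputs = {sys.argv[1]: fh.read()}
    else:
        inputs = {"before": SAMPLE_BEFORE, "after": SAMPLE_AFTER}
    for label, text in inputs.items():
        for f in audit_connectors(text):
            print(label, f)
```

Run it against the backup and the edited file to confirm the only difference is the intended protocol change before restarting the admin service.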