KB Article #181803

The xml_import tool might stop working after applying Patch 45 for ST 5.4

Problem

After applying Patch 45 for SecureTransport 5.4, the xml_import tool might start to fail with the following error message:


The size of the handshake message (56589) exceeds the maximum allowed size (32768)


Resolution

The embedded JRE was upgraded to version 1.8.0_281 in Patch 45. A change in version 1.8.0_271 introduced a limit on the size of TLS handshake messages. In some cases, when ST has accumulated a large list of Trusted CA certificates in its store, the JRE's default limit is insufficient to allow the xml_import tool to work.


The solution is to add the following parameter to the xml_import tool:


JAVA_OPTS="-Djdk.tls.maxHandshakeMessageSize=65536 $JAVA_OPTS"


The value for jdk.tls.maxHandshakeMessageSize must be greater than the value reported in the error message. In the example above, that value is the 56589 in "The size of the handshake message (56589) ...".
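
To pick the value from a captured error rather than by eye, the following added example (not part of the original article or the product) extracts the reported size from tool output and prints the matching JAVA_OPTS line. The function names and the rounding step of 16384 bytes are assumptions of this example; any value greater than the reported size satisfies the rule above.

```shell
#!/bin/sh
# Added example, not vendor code: derive a jdk.tls.maxHandshakeMessageSize
# value from the handshake-size error quoted in this article.

# Constructed sample output; only the error line's wording is from the article.
SAMPLE_OUTPUT='xml_import: connecting (constructed line)
The size of the handshake message (56589) exceeds the maximum allowed size (32768)
xml_import: failed (constructed line)'

# Read text on stdin and print the largest handshake size reported in it.
# Prints nothing when the error does not occur in the input.
reported_size() {
    sed -n 's/.*The size of the handshake message (\([0-9][0-9]*\)) exceeds the maximum allowed size ([0-9][0-9]*).*/\1/p' |
        sort -n | tail -n 1
}

# Round up to the next multiple of 16384 strictly above the reported size.
# The step is an assumption of this example; it leaves headroom while
# keeping the limit close to what is actually needed.
suggest_limit() {
    size=$1
    step=16384
    echo $(( (size / step + 1) * step ))
}

# Read tool output on stdin and print the JAVA_OPTS line to add.
# Returns 1 when no handshake-size error is present, so no change is suggested.
java_opts_line() {
    size=$(reported_size)
    if [ -z "$size" ]; then
        echo "no handshake-size error found" >&2
        return 1
    fi
    printf 'JAVA_OPTS="-Djdk.tls.maxHandshakeMessageSize=%s $JAVA_OPTS"\n' \
        "$(suggest_limit "$size")"
}

printf '%s\n' "$SAMPLE_OUTPUT" | java_opts_line
```

For the error shown in this article the script prints the same value the article uses, 65536.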