Delphix Reporting Connection to Delphix Engine Lost after Engine Upgrade (KBA3763)

Applicable Delphix Versions

Issue

After upgrading Delphix Engine to 5.3.2.0 from 5.2.6.1 the connection to the Delphix Reporting Engine was lost.

The Delphix Reporting Engine was version 1.5.

Troubleshooting

The failed connection will be reported as "Error: Received fatal alert: handshake failure" from the Engine Summary view.

Please note, in the above example the Engine is still reported as 5.2.6.1 because since the upgrade to 5.3.2.0 Delphix Reporting has been unable to establish a connection.

The issue is introduced because Delphix Reporting 1.5 uses Java 7 (1.7.0_121) and the Cipher Suite available with this version of Java is not enabled (by default) for an Engine running 5.3.2.0. As a consequence, the Cipher suite negotiation between the two nodes does not complete so the Transport Layer Security (TLS) Handshake Protocol fails.

Resolution

The following workarounds are available:

1. Upgrade Delphix Reporting to 2.0

2. Install a later version of Java on the Delphix Reporting Host. Testing indicated at least Java 1.7u201 or Java 1.8u201 is sufficient.

3. Enable the HTTPS Cipher from the 5.3.2.0 Delphix Engine. In this case we were able to reestablish connectivity by enabling the following Cipher.

Ultimately it is the decision of the customer's security team to decide whether enabling the Cipher is acceptable. However, turning them on merely returns the customer to the same state they were in prior to the upgrade.

Additional Information

From 5.3.2 it is possible to enable individual Ciphers in Network Security Settings in Setup.

External Links

1. ESCL-2313 Delphix Reporting HTTPS connection to Delphix engine breaks after upgrade to 5.3.2.0