SAP Knowledge Base Article - Public

1470968 - WIJ 20002 error launching Java Report Panel on the client machines with JRE 1.6.0_19 or higher

Symptom

  • Trying to launch Java Report Panel in Infoview on the client machines with JRE 1.6.0_19 or higher generate WIJ 20002 error.
  • Detail message of the error shows as follows:
Version:null Application server:                                                                                                    
https://www.awps.army.mil:443/AnalyticalReporting/Webi/cdzServlet                                                                   
Stack trace: java.lang.RuntimeException: javax.net.ssl.SSLException:                                                                
HelloRequest followed by an unexpected handshake message at                                                                         
com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source) at                                                              
com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source) at                                                                 
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at                                                                  
com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source) at                                                                  
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverHelloRequest                                                                    
(Unknown Source) at                                                                                                                 
com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown                                                                
Source) at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown                                                              
Source) at com.sun.net.ssl.internal.ssl.Handshaker.process_record                                                                   
(Unknown Source) at                                                                                                                 
com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)                                                               
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown                                                                
Source) at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown                                                                 
Source) at java.io.BufferedInputStream.fill(Unknown Source) at                                                                      
java.io.BufferedInputStream.read1(Unknown Source) at                                                                                
java.io.BufferedInputStream.read(Unknown Source) at                                                                                 
sun.net.www.http.HttpClient.parseHTTPHeader(Unknown Source) at                                                                      
sun.net.www.http.HttpClient.parseHTTP(Unknown Source) at                                                                            
sun.net.www.http.HttpClient.parseHTTP(Unknown Source) at                                                                            
sun.net.www.protocol.http.HttpURLConnection.getInputStream(Unknown                                                                  
Source) at
                                                                                                                          
sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream                                                                    
(Unknown Source) at com.businessobjects.wp.cpi.CPIConnection.postRequest(Unknown Source) at com.businessobjects.wp.xml.XMLViaHttp.lo
adScript                                                                                                                            
(Unknown Source) at com.businessobjects.wp.xml.XMLViaHttp.initInstance                                                              
(Unknown Source) at com.businessobjects.wp.xml.XMLSession.load(Unknown                                                              
Source) at com.businessobjects.wp.xml.XMLSession.load(Unknown Source)                                                               
at com.businessobjects.wp.om.OMSessionLoader.load(Unknown Source) at                                                                
com.businessobjects.wp.tc.TCMain.initClient(Unknown Source) at                                                                      
com.businessobjects.wp.tc.thread.InitAppletRunner.run(Unknown Source)                                                               
at java.lang.Thread.run(Unknown Source) at                                                                                          
com.businessobjects.wp.cpi.CPIConnection.postRequest(Unknown Source) at                                                             
com.businessobjects.wp.xml.XMLViaHttp.loadScript(Unknown Source) at                                                                 
com.businessobjects.wp.xml.XMLViaHttp.initInstance(Unknown Source) at                                                               
com.businessobjects.wp.xml.XMLSession.load(Unknown Source) at                                                                       
com.businessobjects.wp.xml.XMLSession.load(Unknown Source) at                                                                       
com.businessobjects.wp.om.OMSessionLoader.load(Unknown Source) at                                                                   
com.businessobjects.wp.tc.TCMain.initClient(Unknown Source) at                                                                      
com.businessobjects.wp.tc.thread.InitAppletRunner.run(Unknown Source)                                                               
at java.lang.Thread.run(Unknown Source)    

Environment

  • Business Objects Enterprise Release 3.1
  • Client machines' JRE is 1.6.0_19 or higher.
  • Using SSL connections and SmartCard authentication

Reproducing the Issue

  1. From the client machines running JRE 1.6.0_19 or higher, log in Infoview.
  2. Try to create a report with Java Report Panel.
  3. WIJ 20002 error is displayed.
  4. Modifying the exisiting reports generate the same error.

Cause

  • This issue is not Business Objects Enterprise issue.
  • It is Transport Layer Security (TLS) Renegotiation Issue specific to JRE 1.6.0_19 or higher using SSL communication with Smart Card authentication.

Resolution

1. Apply the Java SDK 1.6.0_22 as it has a new phase 2 fix for the SSLHandshakeException/handshake_failure 
2. If clients do not send the proper RFC 5746 messages, initial connections will immediately be terminated by the server.

http://www.oracle.com/technetwork/java/javase/documentation/tlsreadme2-176330.html

Phase 2: The IETF issued RFC 5746 which addresses the renegotiation protocol flaw. A fix which implements RFC 5746 and supports secure renegotiation is included in the following releases:

JDK Family

Vulnerable
Releases

Phase 1 Fix
(Disable Reneg.)

Phase 2 Fix
(RFC 5746)

JDK and JRE 6

Update 18 and earlier

Updates 19-21

Update 22

  • sun.security.ssl.allowUnsafeRenegotiation - Introduced in Phase 1, this controls whether legacy (unsafe) renegotiations are permitted.
  • sun.security.ssl.allowLegacyHelloMessages - Introduced in Phase 2, this allows the peer to handshake without requiring the proper RFC 5746 messages.

Keywords

KBA , BI-RA-WBI , Web Intelligence , Problem

Product

SAP BusinessObjects Xcelsius Enterprise 2008