Hello.
Our production system is vCO 5.5.1, and I'm looking to do incremental upgrade to 5.5.3, and at the same time testing 6.0.4 and seeing how the workflows react to the major version change. All are appliance installs.
So far, testing has been good. But we have some legacy REST code that runs on older Perl 5.12.1, which uses LWP routines, and these are failing hard on these versions. For 5.5.3, we cloned our production 5.5.1 instance, then upgraded it to 5.5.3. For 6.0.4, we stood up a new instance, and imported configuration and packages. We also have some newer REST code written in Ruby, which seems to work fine with these newer versions.
But, for whatever reason, the Perl code that uses LWP is failing hard on these upgraded versions. I know that newer releases of Java 7 and Java 8 disable SSL3, so I took the effort to re-enable these protocols. I've gotten so far as to confirm that SSLv3 and TLS1 works fine, by comparing output using openssl s_client -connect <VCOHOSTNAME>:8281, then using -tls1 as well as -ssl3 to confirm. The output is the same between our production 5.5.1 instance and both by test 5.5.3 and 6.0.4 versions now. But, our Perl LWP code still barfs on connecting to these newer vCO/vRO releases.
Error is:
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure at /CUSTOM/perl/lib/site_perl/5.12.1/LWP/Protocol/http.pm line 51
Does anyone have any thoughts on what else I can do from the vRO/vCO side? I've touched both /etc/vco/app-server/server.xml and /usr/java/jre-vmware/lib/security/java.security files to enable SSLv3 and TLS1. Yes, I know that enabling these protocols isn't exactly best practice, but we can't get rid of this legacy Perl code yet.
Thanks!