|Pivotal Cloud Foundry® Ops Metrics||1.6.x|
Trying to connect to the Java Management Extensions (JMX) Bridge results in handshake failures.
The Ops Metrics/JMX Bridge is configured to only support TLS 1.2 and the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher. If you are connecting with a client that does not support TLS 1.2 or the TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 cipher, then the connection will fail. This will happen if you are using Java 7.
The TLS version and cipher used by Ops Metrics/JMX Bridge require the client to use Java 1.8 or newer. Upgrade to the latest version of Java 1.8 on the client machine and check if that helps to resolve the issue.
If upgrading does not work, add "-J-Djavax.net.debug=ssl,handshake" as a Java Virtual Machine (JVM) option when you start "jconsole" and review the output. This will show details about how the JVM is connecting and performing the handshake. If this information is not sufficient to resolve the problem, please open a ticket with support and include this output from the JVM.
The TLS version and cipher information included here is accurate at the time of the writing of this article. The TLS version and cipher may change as security requirements change. Looking at the output from "jconsole" with the additional argument listed above will show more specific and accurate details for your environment.
When troubleshooting, please note that using any protocol other than what is supported will result in the connection being terminated immediately. For example, if using "openssl s_client" to test the connection, make sure that the ClientHello only has supported ProtocolVersions.
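To check the client JVM itself before starting "jconsole", the following added example (not part of the original article or of Ops Metrics) reports whether the protocol and cipher named above are supported and enabled by default. The class name JmxBridgeTlsCheck is hypothetical, and the two constants are the values stated in this article.

```java
import java.util.Arrays;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;

// Added example: JmxBridgeTlsCheck is a hypothetical name, not part of Ops Metrics.
public class JmxBridgeTlsCheck {
    // Protocol and cipher as stated in the article; adjust if they have changed.
    static final String PROTOCOL = "TLSv1.2";
    static final String CIPHER = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256";

    static boolean has(String[] values, String wanted) {
        return values != null && Arrays.asList(values).contains(wanted);
    }

    // Prints one status line; returns true only if the value is enabled by default.
    static boolean report(String kind, String wanted, String[] supported, String[] enabled) {
        String status;
        if (has(enabled, wanted)) {
            status = "enabled by default";
        } else if (has(supported, wanted)) {
            status = "supported but NOT enabled by default";
        } else {
            status = "NOT supported by this JVM";
        }
        System.out.println(kind + " " + wanted + ": " + status);
        return has(enabled, wanted);
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version = " + System.getProperty("java.version"));
        SSLContext ctx = SSLContext.getDefault();
        SSLParameters supported = ctx.getSupportedSSLParameters();
        SSLParameters enabled = ctx.getDefaultSSLParameters();

        boolean protocolOk = report("protocol", PROTOCOL,
                supported.getProtocols(), enabled.getProtocols());
        boolean cipherOk = report("cipher", CIPHER,
                supported.getCipherSuites(), enabled.getCipherSuites());

        if (!(protocolOk && cipherOk)) {
            System.out.println("Default TLS client settings lack the protocol or cipher listed in the article.");
            System.exit(1);
        }
        System.out.println("Default TLS client settings include the protocol and cipher listed in the article.");
    }
}
```

Compile and run it with the same Java installation that launches "jconsole", since the result depends on that JVM's version and security configuration.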