How to explicitly enable TLSv 1.2 in TIBCO Administrator

Article ID: KB0073541

Products: TIBCO Administrator
Versions: 5.10.x, 5.11.x

Description

How can I configure TIBCO Administrator to accept only TLS 1.2 requests?

This solution requires the following combination of TRA and Admin HF.
For Admin 5.11.x:

  • TRA 5.11.2 and Admin 5.11.2.


For Admin 5.10.x:

  • TRA 5.10.3 and Admin 5.10.3.
  • TRA 5.10.0 HF-05 (or latest) and Admin 5.10.0 HF-01.


For Admin 5.9.1:

  • TRA 5.9.1 HF-04 (or latest) and Admin 5.9.1 HF-02.


For Admin 5.9.0:

  • TRA 5.9.0 HF-08 (or latest) and Admin 5.9.0 HF-02.


For Admin 5.8.0:

  • TRA 5.8.0 HF 11 (or latest) and Admin 5.8.0 HF-01.

Issue/Introduction

How to explicitly enable only TLSv1.2 in TIBCO Administrator

Environment

Product: TIBCO Administrator, TIBCO Runtime Agent
Version: 5.11.x, 5.10.x, 5.9.x, 5.8.0
OS: All

Resolution

OPTION 1:

To enable TLSv1.2 in TIBCO Administrator, configure sslProtocol="TLSv1.2" in the HTTP Connector element in <TIBCO_HOME>/Administrator/<Domain_Name>/tomcat/conf/server.xml:
<Connector port="8443" 
 protocol="org.apache.coyote.http11.Http11Protocol"
 maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
 keystoreFile="ssl/.keystore" keystorePass="changeit"
 clientAuth="false" sslProtocol="SSL" sslEnabledProtocols="TLSv1.2" />
 
NOTE: If OPTION 1 does not help, please use OPTION 2.


OPTION 2: 

Please add the following set of properties to tibcoadmin_<DomainName>.tra:

###############################Add Following Properties###############################

#Disable SSLV3
java.property.com.tibco.security.ssl.client.EnableSSLv3=false
java.property.com.tibco.security.ssl.server.EnableSSLv3=false

#Disable TLSv1.0
java.property.com.tibco.security.ssl.client.EnableTLSv1=false
java.property.com.tibco.security.ssl.server.EnableTLSv1=false

#Disable TLSv1.1
java.property.com.tibco.security.ssl.client.EnableTLSv11=false
java.property.com.tibco.security.ssl.server.EnableTLSv11=false

#Enable explicit protocol TLSv1.2
java.property.com.tibco.security.ssl.client.ExplicitProtocols=TLSv1.2
java.property.com.tibco.security.ssl.server.ExplicitProtocols=TLSv1.2

java.property.com.tibco.security.ssl.client.EnableSSLv2Hello=false
java.property.com.tibco.security.ssl.server.EnableSSLv2Hello=false

java.property.com.tibco.security.ssl.client.EnableSSLv3Hello=false
java.property.com.tibco.security.ssl.server.EnableSSLv3Hello=false

java.property.TIBCO_SECURITY_VENDOR=j2se

############################### END of Properties ######################################

NOTE: The value for ExplicitProtocols can be a combination of SSLv3, TLSv1, TLSv1.1 and TLSv1.2, separated with a comma or a space (',', ' ').

For example:
java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
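
An added example, not from the original article or from TIBCO: a Python audit of the text of a tibcoadmin_<DomainName>.tra file against the OPTION 2 property set, which also flags an ExplicitProtocols list that still names older protocols. The function names, the rule that a later duplicate key wins, and the sample text are assumptions.

```python
import re

# Property names and values are the ones OPTION 2 on this page sets.
PREFIX = "java.property.com.tibco.security.ssl."
REQUIRED = {"java.property.TIBCO_SECURITY_VENDOR": "j2se"}
for side in ("client", "server"):
    for flag in ("EnableSSLv3", "EnableTLSv1", "EnableTLSv11",
                 "EnableSSLv2Hello", "EnableSSLv3Hello"):
        REQUIRED[f"{PREFIX}{side}.{flag}"] = "false"

def parse_tra(text):
    """key -> value for non-comment lines. Assumption: a later duplicate wins."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit_tra(text):
    """Return findings; an empty list means the file matches OPTION 2."""
    props, findings = parse_tra(text), []
    for key, want in REQUIRED.items():
        got = props.get(key)
        if got is None:
            findings.append(f"missing: {key}={want}")
        elif got.lower() != want:
            findings.append(f"wrong value: {key}={got} (expected {want})")
    for side in ("client", "server"):
        key = f"{PREFIX}{side}.ExplicitProtocols"
        # Per the NOTE above, entries are separated by comma and/or space.
        protocols = [p for p in re.split(r"[,\s]+", props.get(key, "")) if p]
        if not protocols:
            findings.append(f"missing: {key}=TLSv1.2")
        findings += [f"legacy protocol allowed: {key} lists {p}"
                     for p in protocols if p != "TLSv1.2"]
    return findings

# Constructed sample, not a real domain's file: incomplete and still permissive.
SAMPLE = """\
#Disable SSLV3
java.property.com.tibco.security.ssl.server.EnableSSLv3=false
java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
"""

if __name__ == "__main__":
    for finding in audit_tra(SAMPLE):
        print(finding)
```

Pass the contents of the real .tra file to audit_tra() in place of SAMPLE; each returned string names one property to add or correct.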

To troubleshoot or debug the issue, add the following property:

# To enable SSL Debug
java.property.javax.net.debug=ssl,handshake
