Products | Versions |
---|---|
TIBCO Runtime Agent (TRA) | TRA 5.9.1 hotfix 04 or higher |
Not Applicable | - |
Description:
The SSL server may accept only specific protocols, so there is a requirement to send SSL requests using a specific protocol.
Note that this solution currently only works with TRA 5.9.1 hotfix 04 or higher.
1). Modify the file $TIBCO_HOME/tibcojre64/1.7.0/lib/security/java.security and manually remove SSLv3 from the following:
jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768
Note that this step is required only for SSLv3 because it is disabled by the JVM by default.
2). Append the following lines to the BW application's .tra file.
java.property.com.tibco.security.ssl.client.ExplicitProtocols=SSLv3
java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3
java.property.TIBCO_SECURITY_VENDOR=j2se
The value for ExplicitProtocols can be any combination of SSLv3, TLSv1, TLSv1.1 and TLSv1.2, separated by a comma or a space (',', ' '). For example:
java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2
Refer to KB 45679 for "How to enable SSLv3 for backward compatibility after applying POODLE vulnerability fix."
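To check the result of steps 1 and 2, the following added example (not TIBCO code) parses the ExplicitProtocols properties from .tra content and compares them with jdk.tls.disabledAlgorithms from java.security. The function names are hypothetical, the sample input is constructed, and jdk.tls.disabledAlgorithms is assumed to sit on a single line as shown in step 1.

```python
import re

# Matches the two ExplicitProtocols properties from step 2.
PROP = re.compile(r"java\.property\.com\.tibco\.security\.ssl\."
                  r"(client|server)\.ExplicitProtocols\s*=\s*(.*)")
KNOWN = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}  # values the article lists

def explicit_protocols(tra_text):
    """Return {'client': [...], 'server': [...]}; a later line overrides an earlier one."""
    found = {}
    for line in tra_text.splitlines():
        m = PROP.fullmatch(line.strip())   # comment lines start with '#', so never match
        if m:
            found[m.group(1)] = [p for p in re.split(r"[,\s]+", m.group(2)) if p]
    return found

def jvm_disables_sslv3(java_security_text):
    """True if jdk.tls.disabledAlgorithms (assumed on one line) still lists SSLv3."""
    for line in java_security_text.splitlines():
        key, _, value = line.strip().partition("=")
        if key.strip() == "jdk.tls.disabledAlgorithms":
            return "SSLv3" in [v.strip() for v in value.split(",")]
    return False

def audit(tra_text, java_security_text):
    """List findings about SSLv3 exposure and settings that cannot take effect."""
    findings = []
    blocked = jvm_disables_sslv3(java_security_text)
    for side, protos in sorted(explicit_protocols(tra_text).items()):
        bad = [p for p in protos if p not in KNOWN]
        if bad:
            findings.append(f"{side}: unrecognised protocol value(s): {', '.join(bad)}")
        if "SSLv3" in protos and blocked:
            findings.append(f"{side}: SSLv3 requested but still disabled by the JVM")
        elif "SSLv3" in protos:
            findings.append(f"{side}: SSLv3 enabled (POODLE-affected protocol)")
    return findings

# Constructed sample input, not taken from a real deployment.
SAMPLE_TRA = """\
java.property.com.tibco.security.ssl.client.ExplicitProtocols=SSLv3
java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3, TLSv1,TLSv1.1 TLSv1.2
java.property.TIBCO_SECURITY_VENDOR=j2se
"""
SAMPLE_JAVA_SECURITY = "jdk.tls.disabledAlgorithms=DH keySize < 768\n"

if __name__ == "__main__":
    for finding in audit(SAMPLE_TRA, SAMPLE_JAVA_SECURITY):
        print(finding)
```

An empty result means no ExplicitProtocols line requests SSLv3 and every listed value is one the article names.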