How to make a BusinessWorks application send SSL requests with SSLv3 or a specified protocol.

How to make a BusinessWorks application send SSL requests with SSLv3 or a specified protocol.

book

Article ID: KB0075004

calendar_today

Updated On:

Products Versions
TIBCO Runtime Agent (TRA) TRA 5.9.1 hotfix 04 or higher
Not Applicable -

Description

Description:
The SSL server may accept some specific protocol only. There is a requirement to send SSL requests using a specific protocol. 

Resolution

Note that this solution currently only works with TRA 5.9.1 hotfix 04 or higher.

 

1). Modify the file $TIBCO_HOME/tibcojre64/1.7.0/lib/security/java.security and manually remove SSLv3 from the following:

 

jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

 

Note that this step is required only for SSLv3 because it is disabled by JVM by default.

 

2). Append the following lines to the BW applicaiton's .tra file. 

 

java.property.com.tibco.security.ssl.client.ExplicitProtocols=SSLv3

 

java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3

 

java.property.TIBCO_SECURITY_VENDOR=j2se

 

The value for ExplicitProtocols be combination of SSLv3,TLSv1,TLSv1.1,TLSv1.2 separated with comma, space( ',', ' '). For example

java.property.com.tibco.security.ssl.server.ExplicitProtocols=SSLv3,TLSv1,TLSv1.1,TLSv1.2

 

Refer to KB 45679 for "How to enable SSLv3 for backward compatibility after applying POODLE vulnerability fix."

 

 

 

 

Issue/Introduction

How to make a BusinessWorks application send SSL requests with SSLv3 or a specified protocol.

Additional Information

KB:45679 for "How to enable SSLv3 for backward compatibility after applying POODLE vulnerability fix."