How to restrict TLS protocols for TIBCO MFT Internet Server and Command Center

How to restrict TLS protocols for TIBCO MFT Internet Server and Command Center

book

Article ID: KB0077323

calendar_today

Updated On:

Products Versions
TIBCO Managed File Transfer Internet Server All

Description

The TLSProtocols parameter in the web.xml file allows you to define the TLS protocols that will be supported by FTPS and PlatformServer SSL and applies to Internet Server. The valid values are: TLSv1, TLSv1.1, and TLSv1.2. By default, any TLS protocol is allowed. Before changing this parameter, make sure that all FTPS andPlatform Server clients and servers support the defined TLS protocol. This parameter applies to FTPS(FTP over SSL) and Platform Server SSL connections only. HTTPS connections use the parameters in the server.xml SSLEnabledProtocols parameter.

Issue/Introduction

How to restrict TLS protocols for TIBCO MFT Internet Server and Command Center

Environment

All supported environments

Resolution

Make sure to backup the existing xml files before making any changes. The application server must be restarted after saving any changes.

To restrict TLS protocols that will be supported by FTPS and PlatformServer SSL to TLSv1.2 only, update the TLSProtocols parameter in the <install folder>/server/webapps/cfcc/WEB-INF/web.xml:

        <context-param>
                <param-name>TLSProtocols</param-name>
                <param-value>TLSv1.2</param-value>
        </context-param>

To restrict TLS protocols that will be supported by HTTPS connections to TLSv1.2 only, update the sslEnabledProtocols parameter in the connector found in <install folder>/server/conf/server.xml file:

sslEnabledProtocols="TLSv1.2"

Additional Information

https://docs.tibco.com/pub/mftis/8.2.0/doc/html/GUID-76D526B4-211B-4B93-922F-B7FFCD934AB2.html 
https://docs.tibco.com/pub/mftcc/8.2.0/doc/html/GUID-4CB73C2D-F52C-4034-901B-5829EEE61DED.html
Powered by Wolken Software