How to enable only TLSv1.2 in EMS

Article ID: KB0074977

Product: TIBCO Enterprise Message Service
Versions: 8.3, 8.4

Description

EMS supports TLS v1.0, v1.1 and v1.2. The customer would like to know whether the server can be restricted to TLS 1.2 only.

Environment

Not specific

Resolution

If the EMS server configuration specifies only the TLSv1.2 cipher suites listed in the EMS User's Guide, the server will only allow SSL connections that use the TLSv1.2 protocol, because a client that negotiates TLS v1.0 or v1.1 has no cipher suite in common with the server. We have verified this with the EMS Java client.

For EMS 8.3.0 and 8.4.0, set the following property in the server configuration (the value is a single line):

ssl_server_ciphers = -ALL:AES128-SHA256:AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA256:DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384

An enhancement request (ER) has also been logged for a future release: EMS-7124 [Make the versions of TLS used configurable].
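Because the restriction depends entirely on the contents of ssl_server_ciphers, a single extra suite silently re-enables older protocol versions. The following check is an added example, not TIBCO code: it audits a server configuration text against the suite list given above. The function name and sample configurations are hypothetical, and it assumes the property appears as a single "name = value" line as shown in this article.

```python
import re

# TLSv1.2 suites copied from the ssl_server_ciphers value in this article.
TLS12_SUITES = frozenset((
    "AES128-SHA256:AES256-SHA256:DHE-DSS-AES128-SHA256:DHE-RSA-AES128-SHA256:"
    "DHE-DSS-AES256-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:"
    "AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:"
    "DHE-DSS-AES128-GCM-SHA256:DHE-DSS-AES256-GCM-SHA384:"
    "ECDHE-ECDSA-AES128-SHA256:ECDHE-ECDSA-AES256-SHA384:"
    "ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:"
    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:"
    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384"
).split(":"))

# Matches uncommented "ssl_server_ciphers = value" lines only.
ASSIGNMENT = re.compile(r"^[ \t]*ssl_server_ciphers[ \t]*=(.*)$", re.MULTILINE)


def audit_ssl_server_ciphers(conf_text):
    """Return findings for every ssl_server_ciphers line; [] means TLSv1.2-only."""
    values = ASSIGNMENT.findall(conf_text)
    if not values:
        return ["ssl_server_ciphers is not set"]
    findings = []
    for value in values:
        # Drop stray spaces or a trailing carriage return inside the value.
        tokens = [t for t in re.sub(r"\s+", "", value).split(":") if t]
        if not tokens or tokens[0] != "-ALL":
            findings.append("list does not start with -ALL")
        for token in tokens:
            if token != "-ALL" and token not in TLS12_SUITES:
                findings.append("not a TLSv1.2 suite from the article: " + token)
    return findings


# Constructed sample configurations (not taken from a real server).
GOOD_CONF = "ssl_server_ciphers = -ALL:" + ":".join(sorted(TLS12_SUITES)) + "\n"
# AES128-SHA is a SHA-1 suite that TLS v1.0 and v1.1 clients can negotiate.
BAD_CONF = "ssl_server_ciphers = -ALL:AES128-SHA:ECDHE-RSA-AES256-GCM-SHA384\n"

if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("bad", BAD_CONF)):
        print(name, audit_ssl_server_ciphers(conf) or "TLSv1.2-only")
```

An empty result only confirms the configured list; a connection test with a client pinned to TLS v1.0 or v1.1 is still the way to confirm the running server's behaviour.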

Additional Information

https://docs.tibco.com/pub/ems/8.4.0/doc/html/wwhelp/wwhimpl/js/html/wwhelp.htm