This article provides inputs on strengthening SSL communications in APIX-G
Issue/Introduction
This article provides inputs on strengthening SSL communications in APIX-G.
Environment
All Supported Platforms
Resolution
- It is the underlying JRE that selects the cipher suites during the SSL handshake.
- The JRE can be upgraded to the latest build available, on the supported version.

The following properties in asg-engine.tra should be updated to reference the latest JRE when required:
tibco.env.TIB_JAVA_HOME
tibco.env.JVM_LIB_PATH
tibco.env.JVM_LIB_DIR
#On Northbound side
For communication between Client and APIX: as FacadeHTTPSSLChannel is used, the below property can be used to enforce protocol:
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/SSLServerProtocols=TLSv1,TLSv1.1,TLSv1.2
#On Southbound side
For communication between APIX and Target Services:
1). Edit the asg-engine.tra file.
2). Append the following Java property to java.extended.properties (change the values per requirement).
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
3). Restart the engine.
One could consider enabling TLSv1.2 only here and check if that helps.
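
To confirm what an engine is actually configured with after these edits, the added example below (not TIBCO code) reads the text of an asg-engine.tra file and reports, for the northbound and southbound settings named above, whether a protocol list is missing or still includes anything older than TLSv1.2. It assumes the file is plain key=value lines with '#' comments; the helper names and the sample content are constructed for illustration.

```python
import re

# Property names come from the article; file layout and helper names are assumptions.
NORTHBOUND_KEY = ("tibco.clientVar.DefaultImplementation/Connections/HTTP/"
                  "FacadeHTTPSSLConnection/SSLServerProtocols")
JAVA_PROPS_KEY = "java.extended.properties"
LEGACY = ("SSLv3", "TLSv1", "TLSv1.1")  # anything older than TLSv1.2


def parse_tra(text):
    """Parse key=value lines, skipping blanks and '#' comments (assumed layout)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def protocol_lists(props):
    """Return the protocol list per side; None means the setting is absent."""
    south = re.search(r"-Dhttps\.protocols\\?=(\S+)", props.get(JAVA_PROPS_KEY, ""))
    raw = {"northbound": props.get(NORTHBOUND_KEY),
           "southbound": south.group(1) if south else None}
    return {side: None if value is None else
            [p.strip() for p in value.split(",") if p.strip()]
            for side, value in raw.items()}


def audit(text):
    """Return one finding per side that is unset or still lists a legacy protocol."""
    findings = []
    for side, protos in protocol_lists(parse_tra(text)).items():
        if protos is None:
            findings.append(f"{side}: no protocol list set in this file")
        elif any(p in LEGACY for p in protos):
            legacy = ",".join(p for p in protos if p in LEGACY)
            findings.append(f"{side}: legacy protocols enabled: {legacy}")
    return findings


# Constructed sample, not a real asg-engine.tra
SAMPLE = """\
java.extended.properties=-Xmx1024m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
tibco.clientVar.DefaultImplementation/Connections/HTTP/FacadeHTTPSSLConnection/SSLServerProtocols=TLSv1.2
"""

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no legacy protocols listed")
```

Pass the contents of the real file to `audit()` in place of `SAMPLE`; an empty result means both sides list TLSv1.2 or newer only.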