How to enable TLSv1.2 protocol for Client on Java 7 using TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON.

How to enable TLSv1.2 protocol for Client on Java 7 using TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON.

book

Article ID: KB0092839

calendar_today

Updated On:

Products Versions
TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON -
Not Applicable -

Description

Description:
TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON provides a typical TLS authentication type called unilateral. Only the server is authenticated. The client knows the identity of the server but not vice versa.The client validates the server certificate by checking the digital signature of server certificates,verifying that it is valid and recognized by a known Certificate Authority using public key encryption. Java 7 shipped with TIBCO Run-time Agent supports TLS v1.1 by default, but not TLS v1.2 due to a TLS version intolerance issue. The following demonstrates how to force a web service running on Java 7 to accept a TLS v.1.2 connection depending on your TIBCO Run-time Agent version.

Issue/Introduction

How to enable TLSv1.2 protocol for Client on Java 7 using TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSON.

Environment

Product: TIBCO ActiveMatrix BusinessWorks Plug-in for REST and JSONVersion: 1.1.1 and 2.0.0OS: All supported operating systemsJava 7

Resolution

Use the table of contents below to locate the correct set of instructions for your TIBCO ActiveMatrix BusinessWorks and TIBCO Runtime Agent version.

==========
Environment Configurations:
    TIBCO Run-time Agent: 5.8
**********
Resolution

1). TIBCO Run-time Agent: 5.8 hot-fix.08
2). Enable one of the bellow properties in your designer.tra or application.tra
    "java.property.https.protocols=TLSv1.2" to use TLS v1.2,  as jre 7 (shipped with TRA 5.8) is not using the TLS v.1.2 by default due to TLS version intolerance issue. 
    "java.property.TIBCO_SECURITY_VENDOR=j2se" use to select the security vendor from Entrust to "j2se" or IBM "ibm".  
==========
Environment Configurations:
    TIBCO Run-time Agent: 5.9
**********
Resolution

1). TIBCO Run-time Agent: 5.9 hot-fix.04
2). Enable one of the bellow properties in your designer.tra or application.tra
    "java.property.https.protocols=TLSv1.2" to use TLS v1.2,  as jre 7 (shipped with TRA 5.9) is not using the TLS v1.2 by default due to TLS version intolerance issue. 
    "java.property.TIBCO_SECURITY_VENDOR=j2se" use to select the security vendor Entrust to "j2se" or IBM "ibm".  
==========

Note: -When Entrust or IBM is selected to be the security provider, the TLS protocol versions 1.2 is not applicable.

        

        -If you are using TIBCO Runtime Agent: 5.10 shipped with java 8, TLS v1.2 is enable by default. Adding the property "java.property.TIBCO_SECURITY_VENDOR=j2se" in your designer.tra or application.tra will be enough to configure your Client to support TLS v1.2

        

        -You must restart your project in Designer or redeploy your application in Admin after adding the properties to apply the changes. 

Additional Information

LBN 43917 (TIBCO Runtime Agent 5.8.0 Hotfix 08 is available)
https://mft.tibco.com under /AvailableDownloads/TRA_Designer/
LBN 43938 (TLS v1.2 support in TIBCO BusinessWorks 5.11)
Powered by Wolken Software