TLS 1.2 support for OLIS


TLS 1.2 support for OLIS

Darwin Tsai
Does OLIS support TLS 1.2?

I got this error message after adding TLS 1.2 in Tomcat7 as part of the SHA-2 migration for MCEDT and HCV:

"The following should be added to JAVA_OPTS in /etc/default/tomcat7:
-Djdk.tls.client.protocols=TLSv1.2
-Dsun.security.ssl.allowUnsafeRenegotiation=false
-Dhttps.protocols=TLSv1.2"

I got the following error with the OLIS checker:

Olis Configuration Checker
Checking Properties

    SSLException Truststore Error: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.
    SSLException Error: Server chose TLSv1, but that protocol version is not enabled or not supported by the client.

Re: TLS 1.2 support for OLIS

Darwin Tsai
With OLIS currently not supporting TLS 1.2, the workaround solution is to enable TLSv1:

Added to JAVA_OPTS in /etc/default/tomcat7:
-Djdk.tls.client.protocols=TLSv1,TLSv1.2
-Dsun.security.ssl.allowUnsafeRenegotiation=false
-Dhttps.protocols=TLSv1,TLSv1.2
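The two properties in the posts above do different jobs, and that matters when reading the checker's error: jdk.tls.client.protocols sets the protocols the default SSLContext offers (which is what CXF/HttpClient-style code such as the OLIS client uses), while https.protocols only affects HttpsURLConnection. "Server chose TLSv1, but that protocol version is not enabled or not supported by the client" means the server's choice was outside the client's enabled list. The small program below is an added example (written for this page, not OSCAR or OLIS project code) that prints what the JVM will actually offer under the current JAVA_OPTS, checks that list against the JDK's jdk.tls.disabledAlgorithms security property, and optionally performs one handshake against a host and port you pass on the command line to report the negotiated version. The class name TlsProtocolCheck and the host/port arguments are assumptions; it only uses standard JSSE classes.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.security.Security;
import java.util.Arrays;
import java.util.List;

/**
 * Added example (not OSCAR/OLIS project code): report which TLS versions this
 * JVM offers under the current JAVA_OPTS and, optionally, which version a
 * server negotiates.
 *
 * Compare the output of:
 *   java -Djdk.tls.client.protocols=TLSv1.2 TlsProtocolCheck
 *   java -Djdk.tls.client.protocols=TLSv1,TLSv1.2 TlsProtocolCheck
 * and then run with your own endpoint (hypothetical arguments):
 *   java -Djdk.tls.client.protocols=TLSv1,TLSv1.2 TlsProtocolCheck host 443
 */
public class TlsProtocolCheck {

    public static void main(String[] args) throws Exception {
        // jdk.tls.client.protocols shapes the default SSLContext; https.protocols
        // is read only by HttpsURLConnection. Both come from JAVA_OPTS here.
        System.out.println("jdk.tls.client.protocols   = " + System.getProperty("jdk.tls.client.protocols"));
        System.out.println("https.protocols            = " + System.getProperty("https.protocols"));

        // Anything listed here (java.security) is refused even if enabled above.
        String disabled = Security.getProperty("jdk.tls.disabledAlgorithms");
        System.out.println("jdk.tls.disabledAlgorithms = " + disabled);

        SSLSocketFactory factory = SSLContext.getDefault().getSocketFactory();

        // An unconnected socket is enough to read the protocol lists.
        try (SSLSocket probe = (SSLSocket) factory.createSocket()) {
            List<String> enabled = Arrays.asList(probe.getEnabledProtocols());
            System.out.println("supported by JVM : " + Arrays.toString(probe.getSupportedProtocols()));
            System.out.println("enabled (offered): " + enabled);

            for (String proto : enabled) {
                if (disabled != null && disabled.contains(proto)) {
                    // Enabled by JAVA_OPTS but blocked by java.security: the handshake
                    // will still fail, so the two settings must be reconciled.
                    System.out.println("WARNING: " + proto + " is enabled but also disabled by jdk.tls.disabledAlgorithms");
                }
            }
            if (enabled.contains("TLSv1")) {
                // This is the workaround from the thread; it widens what the client accepts.
                System.out.println("NOTE: TLSv1 is offered; remove it once the server side supports TLS 1.2");
            }
        }

        if (args.length == 2) {
            String host = args[0];
            int port = Integer.parseInt(args[1]);
            try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
                socket.startHandshake();
                // The version the server picked from the list this client offered.
                System.out.println("negotiated with " + host + ":" + port + " -> "
                        + socket.getSession().getProtocol());
            } catch (SSLException e) {
                // This is where "Server chose TLSv1, but that protocol version is not
                // enabled or not supported by the client" appears when the server's
                // choice is outside the enabled list printed above.
                System.out.println("handshake failed: " + e.getMessage());
            }
        }
    }
}
```

Running it twice, once with TLSv1.2 alone and once with TLSv1,TLSv1.2, shows directly why the first setting in the thread fails and the second one works; the handshake output also tells you when the server has started offering TLS 1.2, which is the point at which TLSv1 can be dropped from JAVA_OPTS again.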

Re: TLS 1.2 support for OLIS

m45guo
In reply to this post by Darwin Tsai
This is my /etc/default/tomcat7 java-opt:

JAVA_OPTS="-Djava.awt.headless=true -Xmx19272m -Xms19272m -Xss256k -XX:MaxNewSize=128m -XX:MaxPermSize=512m -Djava.awt.headless=true -server -Xincgc -Dorg.apache.el.parser.COERCE_TO_ZERO=false -XX:+UseConcMarkSweepGC -Dorg.apache.cxf.stax.allowInsecureParser=1 -Doscar_selfbook_portal_config=/var/lib/tomcat7/webapps/selfbook_override.xml"

Hope it helps