TLS 1.1 support for FTPS (RBC requirement)

Giridhar_Ommi1 · February 8, 2016, 9:05pm

Hi All,
We have interfaces to RBC using FTPS. Now that RBC is mandating to use TLS1.1 protocol, Can I know what options we have to implement FTPS TLS 1.1 in webMethods. We are in V 8.2 and planning to upgrade to V 9.8 just to support these interafces.
I got to know from SAG that they support TLS1.1 ONLY for HTTPS and NOT FTPS. So we are now confused.
I am sure there might be a few who ran into same issues who have interfaces with RBC. If you can please share with us what approach you took to resolve this…

What other alternatives we have to implement FTPS with TLS1.1 in webMethods (Like using custom java services using jcraft/jsch etc)
Can we use custom java services to do HTTPS and FTPS in V 8.2 version itself with TLS 1.1?

Holger_von_Thomsen · February 9, 2016, 12:04pm

Hi Gridhar,

you should consider to migrate to build-in SFTP on wm 9.8 (which is based on Jcraft SecureChannel).

Make sure you have applied the IS-Core-Fix and correlating SCG_Entrust Fix for POODLE vulnerabillity.

Regards,
Holger

Giridhar_Ommi1 · February 9, 2016, 3:41pm

Thanks Holger… I am looking for FTPS and not SFTP…

Holger_von_Thomsen · February 9, 2016, 4:15pm

Hi Gridhar,

in this case make sure that you are on the latest Fix-Level for wM 8.2.

Additionally you need to apply the Java 1.7 Update to your servers as TLS1.1 and TLS1.2 require Java 7.

Regards,
Holger

Giridhar_Ommi1 · February 9, 2016, 4:24pm

Thanks for the reply Holger…
So, if I understand correctly, updating to java 7 and installing latest fixes on V 8.2, we should be able to implement ftps TLS 1.1?
As per SAG, V 8.2 wont support TLS 1.1 and so I am not getting clarity around this…

Tong_Wang · February 9, 2016, 9:37pm

IF SAG is saying V8.2 is not supporting TLS 1.1, you’d better trust them.
Did they say that newer version of IS support TLS 1.1 in FTPS implementation?

Giridhar_Ommi1 · February 10, 2016, 6:21am

Thanks Tong Wang…
SAG says that they wont support TLS1.1 for FTPS in newer version as well. They only support TLS 1.1 for HTTPS.
So looking out for alternatives

Holger_von_Thomsen · February 10, 2016, 1:31pm

Hi Gridhar,

when SAG says that they do not support it, it might be that it works.
If it works, than if there any issues you wont get support from SAG for these.

As mentioned already, you should consider switching to SFTP (available from wM 9.5 on).

Regards,
Holger

Victor_N · May 20, 2016, 10:09pm

We are in same boat but with a little bit different requirement. We want FTPS to work on all versions TLS1.0, TLS1.1 and TLS1.2 in our wM97 environment. SAG replied that this is in cooking stage and their R&D is gonna address this issue soon with some sort of fix. They ran into complication on how to address this issue on previous releases. We will get a patch soon but not sure when that happens. Will keep you posted on updates

Thanks,
Victor

Ramesh_Dondapati1 · December 7, 2016, 1:24am

We are using webMethods 9.8 and have raised a ticket with SAG on FTPS with TLS1.1 protocol. Do any of guys have the luck using pub.client.ftp:login to connect to FTPS site successfully. We are trying to connect to RBC site and they only support FTPS with TLS 1.1. Appreciate any help or guidance.

Thanks,
Ramesh

Holger_von_Thomsen · December 7, 2016, 1:53pm

Hi Ramesh,

as pointed out in earlier replies to this thread, this is currently not possible.

Please check on Brainstorm if there is a feature request ongoing for this.
If there is one you can check its state.
If not you should open one.

Regards,
Holger

Ramesh_Dondapati1 · December 7, 2016, 5:59pm

Hello Holger,

Thank you. I have checked the feature request # 04008 present for this and there is no update. Further, I have raised the feature request# 04345 for webMethods 9.8, I will keep you guys posted if there is any update from SAG. Thank you!

Regards,
Ramesh