please check if you are using JSSE or not for your communication.
Can you check IntegrationServer server.log or System out log (usually redirected to nohoup.out or something similar) for further informations?
See IntegrationServer readme for IS_9.8_Core_Fix6 for details how to configure the extended settings.
Eventually you wnat to check trhe server.log with enhanced logging level activated:
Note: When the logging facility 0006 Server SSL Interface is
set to the Debug logging level, Integration Server writes
messages about protocols used for inbound and outbound ports to
the server log. At the Trace logging level, Integration Server
writes messages about the enabled cipher suites.
I think you need to have “JCE Unlimited Strength Jurisdiction Policy Files” onto your server to implement keys of 256.
You can check the JCE details at server startup.
I am not sure if this could be the reason, other members on the forum can confirm about the same.
I am new in this technology so do we have any document which helps me to understand detail configuration of ciphers.
I guess I need to reconfigure ciphers in an extended setting.
Unfortunately, i haven’t done this kind of changes on webMethods.
We had a requirement to support keys with 256 Bits for a Java project. For which we had done the changes.
Please share your email I’d. We can discuss more on that.
sslv2 is still available, but it is only configured for outgoing connections by default.
Generally usage of SSL v2 and SSL v3 should be avoided whenever possible.
Please note that TLS V1.1 and TLS V1.2 require a JVM version 7 or newer and the usage of JSSE for the connection.
The older Entrust library is currently only supporting TLS V1 but not TLS V1.1 and TLS V1.2.
If IS Core Fix15 installed, how we can configurate without affecting the existing connections in the Extended Settings:
watt.net.ssl.client.cipherSuiteList=default
watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=sslv2
you should make sure that the servers at your partner side you are connecting to can handle TLS for transport security.
After that you can change “watt.net.ssl.client.handshake.minVersion=sslv2” to “watt.net.ssl.client.handshake.minVersion=tls” to switch of sslv2 and sslv3. “tls” stands for TLS v1.0 here.
This setting is the only one which is configured to allow sslv2 and sslv3 by default, all other settings in this context are already set to tls by default.
The server at partner side can handle TLS v1.0 for transport security.
We want to know if our environment can use both sslv2 and TLS v1.0 when outgoing, and how we can set in Extended Settings. Because we connect to another partners using sslv2.
in this case you should the settings on the default values.
But you should get in contact with those partners who are still requiring sslv2 and check if they can update their systems to at least TLS v1.0 to enable you to update the client minVersion to tls.
I don’t find anywhere else can set signing and encrypting algorithm in TN and IS. When sending message, algorithm is acquiescent sha1.
I would like to know if wm8.2 can support sha256 or above when signing and encrypting. if not, what need we do? How can we achieve this in minimum change?
Please check the IS Built-In-Services Reference for the services you are using.
They should have an optional Input parameter named hashAlgorithm or signatureAlgorithm, which defines the method.
SHA1 or SHA-1 is the default, set this to SHA256 or SHA-256 if it is possible according to Built-In-Services Reference.