Identify TLS/SSL version in AS2 inbound transmissions

Hello All,

Can we verify the SSL/TLS version from AS2 inbound transmissions, and also how can we identify our TLS version in the webMethods application server?
Recently one of our external AS2 partners was rejecting our transmissions, and they are informing us that going forward they will accept only TLS 1.2 transmissions.

Can we make this TLS 1.2 setup for one particular AS2 partner?

We came to know that for the TLS 1.2 setup we need to update the extended settings. If we make this change, it will affect all AS2 inbound and outbound transmissions and HTTPS web service calls to all B2B partners.
After making this change, do we need to test inbound and outbound transmissions with all B2B partners who are using the HTTPS protocol for AS2, web services and SFTP?

Can someone please advise if there is any better approach to making these changes?

Not sure if TLS can be enabled per partner. The Entrust provider only supports SSL v3.0 and TLS v1.0. It should be a global setting on IS/TN; in order to support TLS v1.1 and TLS v1.2, the JSSE provider must be used. Make sure to have the latest fixes, check that you have set watt.net.ssl.client.useJSSE=true, and restart the IS.

In addition to this, there are other settings on IS:

watt.net.jsse.client.**
watt.net.jsse.server.**
watt.net.ssl.client.**
watt.net.ssl.server.**

If you intend to use TLS v1.2 for WS, HTTP(S), FTP/SFTP integration, there is an input parameter “useJSSE” (refer to the IS admin guide) which will be specific to these services and not a global setting on IS.

Thank you Mahesh…
Can we check the TLS version for AS2 inbound messages in MWS?
After making this change, do we need to test with all partners who are using secured protocols, like AS2 partners (HTTPS), web services and SFTP transmissions?
Or will this change support all TLS versions for inbound transmissions?
And if the external partner is using TLS 1.0 or 1.1, can they accept our transmissions after making this change?

Can we check the TLS version for AS2 inbound messages in MWS? - I think no.
After making this change, do we need to test with all partners who are using secured protocols, like AS2 partners (HTTPS), web services and SFTP transmissions? - Yes, do a regression.
Or will this change support all TLS versions for inbound transmissions? - If you make the global setting change, yes.
If the external partner is using TLS 1.0 or 1.1, can they accept our transmissions after making this change?

Hi Mahesh,

If you intend to use TLS v1.2 for WS, HTTP(S), FTP/SFTP integration, there is an input parameter “useJSSE” (refer to the IS admin guide) which will be specific to these services and not a global setting on IS. -----> For AS2 outbound transmissions using EDIINT:send, I could not find the service-level parameter to set useJSSE.
As per SAG and the forums, I came to know that it should be set as a global parameter in the extended settings.
Please let me know if there is any other option to set this at service level for the EDIINT:send service.

You can enable useJSSE for WSD, HTTP and FTP services, and currently there is no option for EDI.

As mentioned earlier, you can make the global setting and test all your EDI integrations to see if this setting does not break any of them.

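An added example, not part of the original thread and not webMethods code: one way to answer the title question from outside the product is to read the ServerHello that the Integration Server returns to the partner, taken from a packet capture on the AS2 HTTPS listener, since that message states the version actually negotiated. The function names and the sample bytes are constructed for illustration, and the parser assumes the ServerHello sits complete at the start of a single TLS record.

```python
import struct

VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1.0", 0x0302: "TLSv1.1",
            0x0303: "TLSv1.2", 0x0304: "TLSv1.3"}

def negotiated_version(record: bytes) -> str:
    """Return the version the server selected in a captured ServerHello record."""
    if len(record) < 5 or record[0] != 0x16:            # 0x16 = handshake record
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < max(rec_len, 4) or body[0] != 0x02:  # 0x02 = ServerHello
        raise ValueError("not a complete ServerHello")
    hello = body[4:4 + int.from_bytes(body[1:4], "big")]
    if len(hello) < 38:                                 # version..compression minimum
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]         # legacy_version (<= TLS 1.2)
    # Skip random (32), session id (1 + n), cipher suite (2), compression (1).
    pos = 34 + 1 + hello[34] + 3
    if pos + 2 <= len(hello):                           # extensions block present
        end = min(len(hello), pos + 2 + int.from_bytes(hello[pos:pos + 2], "big"))
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            # supported_versions (0x002b) carries the selected version in TLS 1.3,
            # where legacy_version stays frozen at 0x0303.
            if etype == 0x002b and elen == 2 and pos + 6 <= end:
                version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
            pos += 4 + elen
    return VERSIONS.get(version, f"unknown (0x{version:04x})")

def sample_server_hello(legacy: int, selected=None) -> bytes:
    """Build a constructed ServerHello record (not real capture data)."""
    ext = b"" if selected is None else struct.pack("!HHH", 0x002b, 2, selected)
    hello = (struct.pack("!H", legacy) + bytes(32)      # version + zeroed random
             + b"\x00"                                  # empty session id
             + b"\x00\x2f" + b"\x00"                    # arbitrary suite, no compression
             + struct.pack("!H", len(ext)) + ext)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0303, len(handshake)) + handshake

if __name__ == "__main__":
    for args in [(0x0301,), (0x0303,), (0x0303, 0x0304)]:
        print(negotiated_version(sample_server_hello(*args)))
```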