SFDC not supporting TLS 1.0

Hi,
We are using webservices to login into SFDC test instance in webMethods 9.0. SFDC test instance has stopped supporting TLS 1.0 and expects TLS1.1 or higher.
Please provide the possible solutions to this issue. We got to know that upgrading webMethods to latest version could solve this issue. Are there any other solutions. Thanks in advance.

Better to contact SAG global support if they have any engineering fix (WmSFDC -XXXXX) for your issue. Moreover there might be some extended setting for TLS on IS, did you try them referring Administration guide.

Also checking your JVM version will help if it support or not.

Yes IS extending setting should help resolve the issue.

In your IS 9.0 env, what was the current setting you have for enabling TLS1.0?

I hope you have these in place on your DMZ IS or Internal IS outbound to enable various versions of TLS?

watt.net.jsse.server.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2
watt.net.jsse.client.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2

watt.net.ssl.client.handshake.maxVersion=tls
watt.net.ssl.client.handshake.minVersion=tls

watt.net.ssl.server.handshake.maxVersion=tls
watt.net.ssl.server.handshake.minVersion=tls

But I am not sure if the above will work for 9.0 or requires higher versions of IS 9.x.x

HTH,
RMG

Hi,

according the KnowledgeBase Article( KB #1760581; webMethods Integration Server - POODLE Vulnerability for wM7.x, 8.x and 9.x IS, Broker and MWS) , you will have to apply at least IS_9.0_SP1_Core_Fix8 and required Fixes for i.e. Entrust Shared Component to get the mentioned settings working.

See the following links:
https://empower.softwareag.com/Products/Security/poodle.asp
https://empower.softwareag.com/sl24sec/SecuredServices/KCFullTextASP/viewing/view.asp?prdfamily=Integration&KEY=113464-6074191&DSN=PIVOTAL&DST=TCD
Regards,
Holger

1 Like