An unhandled TLS 1.2 error in plugin after upgrading from TLS 1.1 to TLS 1.2 in ccm
3 answers
If this is a custom plugin, you have the code and can check where this is happening.
Comments
{
this.httpClient = new DefaultHttpClient();
HttpUtils.setupLazySSLSupport(this.httpClient);
}
public RQMOSLCConnection(String serverUri, String login, String password)
{
this.rqmServerUri = serverUri;
this.rqmLogin = login;
this.rqmPassword = password;
this.httpClient = new DefaultHttpClient();
HttpUtils.setupLazySSLSupport(this.httpClient);
}"
Also I wanted to ask that if we upgrade to TLS1.2, we need to update in server.xml files for it? or in reverseproxy config file aslo?
First of all: This happens in EWM/RTC, correct?
I had SSL issues with TLS 1.2 strict mode. During my case with IBM i learned that when you enable strict TLS 1.2 and the another sytem is set for anythign other than 1.2 only (say TLS 1.1 or 1.2), you would think they would negotiate to use 1.2. However, due to an oddity in the TLS 1.2 RFC the connection is denied unless all endpoints are configured for TLS 1.2 only (not necessarily strict 1.2). We did not have requirement for 800-131 so we simply configured all ELM servers for TLS 1.2 only - not stict mode.