Wednesday, November 30, 2016

Enable TLS 1.2 for WSO2 Services

Following configuration changes needs to be done in service to enable TLS 1.2 only.
  • Enforce TLS 1.2 for the servlet transport i.e. Port 9443. Do the following in /repository/conf/tomcat/catalina-server.xml file.
    • Find the Connector configuration corresponding to TLS (usually, this connector has the port set to 9443 and the sslProtocol as TLS). Remove the sslProtocol="TLS" attribute and replace it with sslEnabledProtocols="TLSv1.2".
  • Enforce TLS 1.2 for PassThrough transport  - i.e.  Port 8243 (Ex: In ESB) Do the following in /repository/conf/axis2/axis2.xml file.
    • Add the parameter "HttpsProtocols" under the below elements.

<transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">

<transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender"> 


<parameter name="HttpsProtocols">TLSv1.2</parameter>

No comments:

Post a Comment