Wednesday, November 30, 2016

Enable TLS 1.2 for WSO2 Services

The following configuration changes need to be made in the service to enable TLS 1.2 only.
  • Enforce TLS 1.2 for the servlet transport, i.e. port 9443. Do the following in the /repository/conf/tomcat/catalina-server.xml file.
    • Find the Connector configuration corresponding to TLS (usually this connector has port="9443" and sslProtocol="TLS"). Remove the sslProtocol="TLS" attribute and replace it with sslEnabledProtocols="TLSv1.2", so that the connector starts as shown (the remaining attributes of the Connector element stay as they are):

        <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
                   port="9443"
                   bindOnInit="false"
                   sslEnabledProtocols="TLSv1.2"

  • Enforce TLS 1.2 for the PassThrough transport, i.e. port 8243 (for example in the ESB). Do the following in the /repository/conf/axis2/axis2.xml file.
    • Add the "HttpsProtocols" parameter under both of the following elements:

        <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">

        <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">

      Parameter:

        <parameter name="HttpsProtocols">TLSv1.2</parameter>

  Restart the server for the changes to take effect. Note that clients which cannot negotiate TLS 1.2 (for example, older JVMs or browsers limited to TLS 1.0/1.1) will be refused on both ports once this is in place, so check your client inventory before rolling it out.
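To confirm that both files really enforce TLS 1.2 after editing them, the following script audits a catalina-server.xml and an axis2.xml for the two settings described above: the 9443 connector must have sslEnabledProtocols="TLSv1.2" and no leftover sslProtocol attribute, and the https transportReceiver and transportSender in axis2.xml must each carry HttpsProtocols = TLSv1.2. This is an added example written for this page, not WSO2 code; the XML samples embedded in it are constructed (trimmed to the relevant elements) and the file paths it reads from the command line are assumed to be the two files named above.

```python
"""Audit WSO2 TLS-only settings in catalina-server.xml and axis2.xml (added example)."""
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the 9443 connector after the change described above.
CATALINA_OK = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="9443" bindOnInit="false"
             sslEnabledProtocols="TLSv1.2" scheme="https" secure="true"/>
</Service></Server>"""

# Constructed sample: the same connector before the change (sslProtocol="TLS" still present).
CATALINA_BAD = """<Server><Service name="Catalina">
  <Connector protocol="org.apache.coyote.http11.Http11NioProtocol"
             port="9443" sslProtocol="TLS" scheme="https" secure="true"/>
</Service></Server>"""

# Constructed sample: axis2.xml with HttpsProtocols on both PassThrough elements.
AXIS2_OK = """<axisconfig>
  <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port">8243</parameter>
    <parameter name="HttpsProtocols">TLSv1.2</parameter>
  </transportReceiver>
  <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    <parameter name="HttpsProtocols">TLSv1.2</parameter>
  </transportSender>
</axisconfig>"""

# Constructed sample: the receiver was forgotten, so inbound 8243 still accepts older TLS.
AXIS2_BAD = """<axisconfig>
  <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port">8243</parameter>
  </transportReceiver>
  <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    <parameter name="HttpsProtocols">TLSv1.2</parameter>
  </transportSender>
</axisconfig>"""

REQUIRED_PROTOCOLS = {"TLSv1.2"}


def audit_catalina(xml_text, port="9443"):
    """Return a list of findings for the HTTPS Connector on `port`; an empty list means OK."""
    findings = []
    root = ET.fromstring(xml_text)
    connectors = [c for c in root.iter("Connector") if c.get("port") == port]
    if not connectors:
        return ["no Connector element with port=%s found" % port]
    for conn in connectors:
        # The old attribute must be gone, otherwise the intent is ambiguous.
        if "sslProtocol" in conn.attrib:
            findings.append("sslProtocol attribute still present on port %s connector (remove it)" % port)
        # sslEnabledProtocols is a comma-separated list; normalise and compare as a set.
        raw = conn.get("sslEnabledProtocols") or ""
        enabled = {p.strip() for p in raw.split(",") if p.strip()}
        if enabled != REQUIRED_PROTOCOLS:
            findings.append("sslEnabledProtocols is %s, expected exactly TLSv1.2"
                            % (sorted(enabled) if enabled else "unset"))
    return findings


def audit_axis2(xml_text):
    """Return findings for the https transportReceiver and transportSender; empty list means OK."""
    findings = []
    root = ET.fromstring(xml_text)
    for tag in ("transportReceiver", "transportSender"):
        for el in root.iter(tag):
            if el.get("name") != "https":
                continue
            params = {p.get("name"): (p.text or "").strip() for p in el.findall("parameter")}
            value = params.get("HttpsProtocols")
            if value != "TLSv1.2":
                findings.append('%s name="https": HttpsProtocols is %r, expected "TLSv1.2"' % (tag, value))
    return findings


if __name__ == "__main__":
    # Assumed usage: python audit_tls.py catalina-server.xml axis2.xml
    if len(sys.argv) != 3:
        sys.exit("usage: audit_tls.py <catalina-server.xml> <axis2.xml>")
    with open(sys.argv[1]) as f:
        problems = audit_catalina(f.read())
    with open(sys.argv[2]) as f:
        problems += audit_axis2(f.read())
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

Run it against the two edited files before restarting the server; a non-zero exit means at least one of the three settings is still missing. The separate check of transportReceiver and transportSender matters because forgetting the receiver leaves inbound connections on 8243 accepting older TLS versions while outbound calls are already restricted.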
