This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

TLS for Connectors

Can SmartConncetors be configured to run in TLS v1.2 with aes256 encryption?

  • Hello,

    please check agent.default.properties:
    <connector_home>/current/config/agent/agent.defaults.properties

    Find following setting (these are available from SmartConnector):

    # The protocols will be used during SSL handshake negotiations in the order in which they are mentioned
    ssl.protocols=TLSv1.2,TLSv1.1,TLSv1

    Delete the protocols (do not do it in agent.default.properties) that you do not use (ESM Destination has to have enabled the cypher that you will use on Connector). Please check this KB on how to do it on ESM KM02267699.

    Add this modified line to agent.properties:
    <connector_home>/current/user/agent/agent.properties

    For example to use only TLS 1.2:
    ssl.protocols=TLSv1.2

    Restart SmartConnecotor to apply settings.

    Regards,
    Marijo

  • , could you clarify the order of protocols in connector settings and ESM. You ve mentioned order from higher version to lower - ssl.protocols=TLSv1.2,TLSv1.1,TLSv1, there in KB for ESM settings opssite order is used - ssl.protocols.nonfips=SSLv2Hello,TLSv1,TLSv1.1,TLSv1.2. Who will "win" the protocol negotiation in this case?
  • Hello,

    1) Best answer for this would be to test (bit tight on time).
    2) My order for SmartConnector was like that because I copied it from agent.defaults.properties
    3) What I expect that SmartConnector will offer what he has by order and ESM will just accept it or deny it (if it does not support it).
    4) If you want to be sure, then on both sides use matching protocol so they can agree only on 1 option.

    Regards,

    Marijo