Transport Layer Security (TLS) encrypts messages passed between two parties, protecting them from eavesdropping or modification by a third party.

Compatibility with Java versions

TLS is backward compatible, which allows it to connect to any version of Java.
Both Java 7 and Java 8 support TLSv1, TLSv1.1 and TLSv1.2. However, the protocols that the JDK uses by default in Fiorano are:

  • JDK 8 – TLSv1.2
  • JDK 7 – TLSv1.0

Hence, the above TLS versions are assigned by default if the version is not specified.

Configuring TLS

The following Fiorano microservices provide SSL security services in which the TLS protocol settings can be managed:

  • WSStub
  • WebServiceConsumer
  • AS2Connector
  • HTTPAdapters
  • HttpStub
  • SimpleHTTP
  • RESTStub
  • RESTConsumer
  • FTPGet
  • FTPPut
  • POP3
  • SMTP
  • JMSIn
  • JMSRequestor
  • JMSReplier
  • LdapAuthenticator
  • LDAPLookup

The TLS version may be set explicitly by providing the value in the SSL Settings in either of the two places below:

  • Configuration Property Sheet (CPS) of the specific component.
  • Runtime argument in System Properties.

In the Configuration Property Sheet

Enabling SSL in the CPS allows providing the TLS version as required. To configure TLS settings, perform the following actions:

  1. Double-click the microservice inserted in the Fiorano Orchestrator.
  2. Enable the Show Expert Properties option in the upper-left side of the CPS.
  3. Click the SSL Security ellipsis button to configure SSL Settings.
  4. In the SSL Configuration dialog box, select the Enable SSL property under SSL Settings and provide the Security Protocol property value.

In Runtime Arguments

Instead of overriding SSL socket creation in the CPS, the protocol can also be configured as a JVM system property. This applies the defined value to all the microservice instances across the event processes.
To force a microservice to use a TLS protocol other than the default one, specify the value for the -Dsecurity.protocol system property in the runtime arguments.

Example: To use TLSv1.1 for JDK 8 for which default protocol is TLSv1.2, provide the value -Dsecurity.protocol=TLSv1.1

To configure TLS settings with the protocol above, perform the following actions:

  1. Click the microservice inserted in the Fiorano Orchestrator.
  2. In the Properties pane, select the Runtime Arguments tab and provide the value in the following format in the JVM_PARAMS box: -Dsecurity.protocol=TLSv1.1

    If there are multiple JVM PARAMS values present, separate this value from them by a single space.

  3. Press Enter to save the settings.
     
  4. Press No to save the JVM settings for the selected microservice.

    Select the option "Update service instances from all Event Processes" and click Yes to configure the JVM settings for the selected microservice used in all existing event processes.


Debugging the TLS settings

For event processes running in the Separate Process mode, the TLS protocol in use can be checked by providing the JVM parameter value below in the microservice property:
-Djavax.net.debug=ssl

To debug SSL information, perform the following actions:

  1. Click the microservice inserted in the Fiorano Orchestrator.
  2. In the Properties pane, select the Runtime Arguments tab and provide the value below in the JVM_PARAMS field: -Djavax.net.debug=ssl
  3. Press Enter to save the settings.


This JVM parameter prints SSL-related information. To check the TLS protocol used, search for the string 'ClientHello' or 'ServerHello' in the logs. The protocol version follows the string, as below:

  • *** ClientHello, TLSv1.2
  • *** ServerHello, TLSv1.2
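
The log search described above can be scripted. The following is an added example, not Fiorano code: it pairs each ClientHello with the ServerHello that follows it in the debug output and lists handshakes negotiated below a minimum version. The sample lines are constructed, the function names and the TLSv1.2 default floor are assumptions, and it assumes the handshake lines of one connection appear in order (not interleaved with another thread's).

```python
import re

# Line format as shown on the page: "*** ClientHello, TLSv1.2"
HELLO_RE = re.compile(r"\*\*\* (ClientHello|ServerHello), (SSLv3|TLSv1(?:\.[0-3])?)")
# Relative strength of the protocol names that appear in the debug output
RANK = {"SSLv3": 0, "TLSv1": 1, "TLSv1.1": 2, "TLSv1.2": 3, "TLSv1.3": 4}

# Constructed sample of -Djavax.net.debug=ssl output (not from a real run)
SAMPLE_LOG = [
    "main, setSoTimeout(0) called",
    "*** ClientHello, TLSv1.2",
    "*** ServerHello, TLSv1.2",
    "*** ClientHello, TLSv1.2",
    "*** ServerHello, TLSv1.1",
    "*** ClientHello, TLSv1.2",   # handshake that never got a ServerHello
]

def parse_handshakes(lines):
    """Pair each ClientHello (version offered) with the next ServerHello (version chosen)."""
    done, pending = [], None
    for lineno, line in enumerate(lines, 1):
        m = HELLO_RE.search(line)
        if not m:
            continue
        kind, version = m.groups()
        if kind == "ClientHello":
            if pending:                      # previous ClientHello was never answered
                done.append(pending)
            pending = {"line": lineno, "offered": version, "negotiated": None}
        else:
            hs = pending or {"line": lineno, "offered": None, "negotiated": None}
            hs["negotiated"] = version
            done.append(hs)
            pending = None
    if pending:
        done.append(pending)
    return done

def below_minimum(handshakes, minimum="TLSv1.2"):
    """Return handshakes whose negotiated protocol ranks below `minimum` (assumed floor)."""
    floor = RANK[minimum]
    return [h for h in handshakes
            if h["negotiated"] and RANK[h["negotiated"]] < floor]

if __name__ == "__main__":
    for h in parse_handshakes(SAMPLE_LOG):
        print(h["line"], h["offered"], "->", h["negotiated"] or "no ServerHello")
    for h in below_minimum(parse_handshakes(SAMPLE_LOG)):
        print("below minimum:", h)
```

A ClientHello with no ServerHello after it usually means the handshake failed before a version was agreed, which is worth checking when a forced -Dsecurity.protocol value is not accepted by the peer.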