The Integration Agent and TLS 1.1

Question 

Now that xMatters will no longer support TLS 1.1, how can I make sure my Integration Agents don't use TLS 1.1?

Environment

xMatters Integration Agent

Answer

To disable TLS 1.1 in the xMatters Integration Agent:

  1. In your Integration Agent installation folder, open the java.security file. This can usually found here: <IAHOME>/jre/lib/security/java.security
  2. Locate this line: jdk.tls.disabledAlgorithms=
  3. Add TLSv1.1 to the list.

To test if the xMatters Integration Agent is using TLS 1.1:

  1. Create a backup of your <IAHOME>/conf/wrapper.conf file.
  2. Open the original file in your preferred text editor and after the last uncommented wrapper.java.additional line, add: wrapper.java.additional.
  3. Next to that, add the next number in line, and then: -Djavax.net.debug=all. For example: wrapper.java.additional7=-Djavax.net.debug=all
  4. Stop the agent.
  5. Restart the agent in console mode using a command (for example: <IAHOME>/bin/start_console)
  6. Once you see this line: Current heartbeat status is changed from UNKNOWN to PRIMARY_ACCEPTED on your keyboard, press ^C twice to break out of the console_mode.
  7. Copy the output from the start console stream to a .txt file, and search for:
    "ClientHello": {  "client version"
    It should show the transport layer version, for example:
    "ClientHello": { "client version": "TLSv1.2",

Note: Java 8 defaults to TLS 1.2, but unless there is a line to specifically disable TLS 1.1, it can fail back if 1.2 is not available.

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.