Question
Now that xMatters will no longer support TLS 1.1, how can I make sure my Integration Agents don't use TLS 1.1?
Environment
xMatters Integration Agent
Answer
To disable TLS 1.1 in the xMatters Integration Agent:
- In your Integration Agent installation folder, open the java.security file. This can usually found here: <IAHOME>/jre/lib/security/java.security
- Locate this line: jdk.tls.disabledAlgorithms=
- Add TLSv1.1 to the list.
To test if the xMatters Integration Agent is using TLS 1.1:
- Create a backup of your <IAHOME>/conf/wrapper.conf file.
- Open the original file in your preferred text editor and after the last uncommented wrapper.java.additional line, add: wrapper.java.additional.
- Next to that, add the next number in line, and then: -Djavax.net.debug=all. For example: wrapper.java.additional7=-Djavax.net.debug=all
- Stop the agent.
- Restart the agent in console mode using a command (for example: <IAHOME>/bin/start_console)
- Once you see this line: Current heartbeat status is changed from UNKNOWN to PRIMARY_ACCEPTED on your keyboard, press ^C twice to break out of the console_mode.
- Copy the output from the start console stream to a .txt file, and search for:
"ClientHello": { "client version"
It should show the transport layer version, for example:
"ClientHello": { "client version": "TLSv1.2",
Note: Java 8 defaults to TLS 1.2, but unless there is a line to specifically disable TLS 1.1, it can fail back if 1.2 is not available.
Comments
0 commentsArticle is closed for comments.