IBM Java and TLS
Friday, September 20, 2019 at 11:38amOur java application runs on WebSphere 8.5.5 and IBM Java 1.8
When attempting to connect to OneSpan the TLS Cipher negotiation is resulting in dropping down to TLS 1 which OneSpan then rejects.
So in the java sdk com.silanis.esl.sdk.internal.Client.java
protected SSLConnectionSocketFactory buildSSLSocketFactory() throws HttpException {
try {
SSLContext sslContext = SSLContext.getInstance("SSL");
sslContext.init(null,
Is causing TLS negotiation to fail on the IBM Java runtime. there is a workaround here however this affects ALL apps running on the appserver.
Seems the behaviour is the same for "SSL" and "TLS".
Ideally the protocol enabled would be configuration in some manner. As the JDK won't work on the IBM JDK with default settings. This doesn't appear to be the case but I could be missing something.
Hard to imagine there aren't folks calling OneSpan from WebSphere on the IBM Java runtime... might there be an alternative to the above flag, or rebuilding the library ourselves specifying SSLContext sslContext = SSLContext.getInstance("TLSv1.2");?
thanks,
Rob
Reply to: IBM Java and TLS
Friday, September 20, 2019 at 11:58am// SSLContext sslContext = SSLContexts.createDefault(); // // SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, // new String[]{"TLSv1.2"}, // null, // SSLConnectionSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER);Tell me whether this works for you! I will also have a try at my side. DuoReply to: IBM Java and TLS
Friday, September 20, 2019 at 12:01pm