Support for TLS V1.0, V1.1 and V1.2 protocols in LANSA Integrator

Date: 19 April 2016
Product/Release: LANSA Integrator (All versions)
Abstract: Performing secure Transport Layer Security (TLS) connections to remote servers with limited TLS Protocols
Submitted By: LANSA Technical Support

While performing secure Transport Layer Security (TLS) connections to remote servers (in particular financial institutions) you might find that the other party has limited the TLS protocols available to connecting clients.

Note: While both IBM i JDK 7.0 and JDK 8.0 support TLS V1.0, V1.1 and V1.2 protocols, IBM i JDK 8.0 supports these protocols by default.

The best solution is to install JDK 8.0 32/64bit on your IBM i, which ensures that these protocols are supported by default.
For JDK 7.0, TLS V1.1 and V1.2 are not enabled by default.

The screenshot below shows the secure connection portion of the service tracing of a JSM service running on IBM i JDK 7.0 with com.ibm.jsse2.overrideDefaultProtocol=SSL_TLSv2 set.

[Screenshot: SSL connection]

To enable TLS V1.0, V1.1 and V1.2 support in JDK 7.0 for the default JSSE provider, add the following property to system/SystemDefault.properties:
com.ibm.jsse2.overrideDefaultProtocol=<SSL or TLS Value>

Possible Values
SSLv3 : sets SSL V3.0
SSL_TLS : sets SSL V3.0 and TLS 1.0
SSL_TLSv2 : sets SSL V3.0, TLS 1.0, TLS 1.1, and TLS 1.2
TLS : sets TLS 1.0
TLSv1 : sets TLS 1.0
TLSv11 : sets TLS 1.1
TLSv12 : sets TLS 1.2
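
One way to check the setting after editing the file, as an added example that is not LANSA or IBM code: it reads the property value, looks up the protocols from the list above, and compares them with what the running JVM's default SSLContext enables. Assumptions: the class name, the constructed sample file content, the mapping of the list's protocols to JSSE names such as TLSv1.2, and that the service uses the JVM's default SSLContext; on a non-IBM JVM the property has no effect, so only the comparison output is meaningful there.

```java
import java.io.StringReader;
import java.util.*;
import javax.net.ssl.SSLContext;

public class TlsProtocolCheck {
    // Property value -> protocols, transcribed from "Possible Values" above.
    // The JSSE protocol names (SSLv3, TLSv1, ...) are this example's mapping.
    static final Map<String, List<String>> VALUES = new LinkedHashMap<String, List<String>>();
    static {
        VALUES.put("SSLv3", Arrays.asList("SSLv3"));
        VALUES.put("SSL_TLS", Arrays.asList("SSLv3", "TLSv1"));
        VALUES.put("SSL_TLSv2", Arrays.asList("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"));
        VALUES.put("TLS", Arrays.asList("TLSv1"));
        VALUES.put("TLSv1", Arrays.asList("TLSv1"));
        VALUES.put("TLSv11", Arrays.asList("TLSv1.1"));
        VALUES.put("TLSv12", Arrays.asList("TLSv1.2"));
    }

    // Returns the protocols the property asks for, or null if it is not set.
    static List<String> requested(String propertiesText) throws Exception {
        Properties props = new Properties();
        props.load(new StringReader(propertiesText));
        String value = props.getProperty("com.ibm.jsse2.overrideDefaultProtocol");
        if (value == null) return null;
        List<String> protocols = VALUES.get(value.trim());
        if (protocols == null)
            throw new IllegalArgumentException("Not a listed value: " + value);
        return protocols;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample of system/SystemDefault.properties content.
        String sample = "# constructed sample\n"
                      + "com.ibm.jsse2.overrideDefaultProtocol=SSL_TLSv2\n";
        List<String> want = requested(sample);
        System.out.println("Requested by property: " + want);
        if (want != null && want.contains("SSLv3"))
            System.out.println("Note: this value also turns on SSL V3.0");

        // Protocols the running JVM enables for default client connections.
        List<String> have = Arrays.asList(
            SSLContext.getDefault().getDefaultSSLParameters().getProtocols());
        System.out.println("Enabled in this JVM:   " + have);
        if (want != null)
            for (String p : want)
                if (!have.contains(p))
                    System.out.println("Requested but not enabled: " + p);
    }
}
```

Of the listed values, SSL_TLSv2 is the only one that enables TLS 1.1 and TLS 1.2 together, and per the list it also enables SSL V3.0; the check prints a note for any value that does.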

For testing purposes, the following test server locations are available.

SSL test servers
https://www.ssllabs.com:10301/ TLS v1.0
https://www.ssllabs.com:10302/ TLS v1.1
https://www.ssllabs.com:10303/ TLS v1.2