B2B Integration 10.5 | Administering and Monitoring B2B Transactions | Integration Server Administrator's Guide | Configuring Ports | Disabling TLS Renegotiation
 
Disabling TLS Renegotiation
TLS renegotiation can lead to Denial of Service (DoS) attacks. You can disable TLS renegotiation for all HTTPS and FTPS ports that use JSSE by setting a Java system property. The property that you configure depends on the JSSE provider in the JDK used by Integration Server.
*When using the JSSE provider from Oracle (SunJSSE), set the following Java system property to true to disable TLS renegotiation: jdk.tls.rejectClientInitiatedRenegotiation
For more information, seehttps://www.oracle.com/technetwork/jp/java/javase/8-compatibility-guide-2156366.html
*When using the JSSE provider from IBM (IBM JSSE2), use the following Java system property to disable TLS renegotiation: com.ibm.jsse2.renegotiate
For more information, see https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/tlsrenegotiation.html
Note: HTTPS and FTPS ports that do not use JSSE (the Use JSSE property is set to No) uses Entrust for SSL which uses the iSaSiLk library. Integration Server ships with iSaSiLk Version 3.03 which does not support disabling renegotiation.
Copyright © 2016- 2019 | Software AG, Darmstadt, Germany and/or Software AG USA, Inc., Reston, VA, USA, and/or its subsidiaries and/or its affiliates and/or their licensors.