The transport level security protocol of the Tomcat server is configured in the <ESB_HOME>/repository/conf/tomcat/catalina-server.xml file. Note that the sslProtocol attribute is set to TLS (Transport Layer Security) by default.

...

  1. Make a backup of the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file and stop the server (same as for disabling SSL version 3).
  2. Add the ciphers attribute to the existing configuration in the catalina-server.xml file, listing the ciphers that you want your server to support, as follows: ciphers="<cipher-name>,<cipher-name>".

    ciphers="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,
             TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,
             SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA"
  3. Start the server.

...

Configuring the PassThrough transport

If you have enabled the PassThrough transport, do the following:

  1. Stop the server.

  2. Open the <ESB_HOME>/repository/conf/axis2/axis2.xml file and, based on the JDK version you are using, add the following parameter under the <transportReceiver name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener"> element as well as under the <transportSender name="https" class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender"> element.

    • If you are using JDK 1.6, add the following parameter:

      <parameter name="HttpsProtocols">TLSv1</parameter>
    • If you are using JDK 1.7, add the following parameter:

      <parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
    • If you are using JDK 1.8, add the following parameter:

      <parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
  3. Start the server.

  4. Test the PassThrough transport using the following command with the corresponding port:

    $ java -jar TestSSLServer.jar localhost 8243
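
Before restarting the server, the edited axis2.xml can be checked statically to confirm that the HttpsProtocols parameter was added under both the https transportReceiver and the https transportSender, and that only TLS versions are listed. The following is an added example, not part of the product documentation; the function name audit_https_protocols and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample of the relevant part of axis2.xml (not a complete file).
# The sender deliberately lacks the HttpsProtocols parameter.
SAMPLE_AXIS2 = """
<axisconfig name="AxisJava2.0">
  <transportReceiver name="https"
      class="org.apache.synapse.transport.passthru.PassThroughHttpSSLListener">
    <parameter name="port">8243</parameter>
    <parameter name="HttpsProtocols">TLSv1,TLSv1.1,TLSv1.2</parameter>
  </transportReceiver>
  <transportSender name="https"
      class="org.apache.synapse.transport.passthru.PassThroughHttpSSLSender">
    <parameter name="non-blocking">true</parameter>
  </transportSender>
</axisconfig>
"""


def audit_https_protocols(axis2_xml):
    """Return a list of findings for the https PassThrough receiver and sender."""
    root = ET.fromstring(axis2_xml)
    findings = []
    for tag in ("transportReceiver", "transportSender"):
        elements = [e for e in root.iter(tag) if e.get("name") == "https"]
        if not elements:
            findings.append(f'{tag}: no element with name="https"')
        for elem in elements:
            params = [p for p in elem.findall("parameter")
                      if p.get("name") == "HttpsProtocols"]
            if not params:
                findings.append(f"{tag}: HttpsProtocols parameter is missing")
                continue
            text = params[0].text or ""
            protocols = [v.strip() for v in text.split(",") if v.strip()]
            if not protocols:
                findings.append(f"{tag}: HttpsProtocols is empty")
            for proto in protocols:
                # Anything outside the TLSv1* family (for example SSLv3) is flagged.
                if not proto.startswith("TLSv1"):
                    findings.append(f"{tag}: non-TLS protocol enabled: {proto}")
    return findings


if __name__ == "__main__":
    for finding in audit_https_protocols(SAMPLE_AXIS2):
        print(finding)
```

An empty result means both elements carry the parameter with TLS-only values; the handshake test in step 4 is still needed to confirm what the running listener actually accepts.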