Topic
  • No replies
MrTuVo
MrTuVo
1 Post

Pinned topic TLS change in JVM from SR10FP1 to SR10FP10?

‏2018-10-17T13:53:27Z | tls1.1 tls1.2 tomcat.

After upgrading from  IBM AIX JVM SR10FP1 to SR10FP10, tomcat no longer negotiated TLS 1.1 and 1.2.

 

Adding "com.ibm.jsse2.overrideDefault TLS=true'" to the JVM command line for tomcat allowed it to work again.

 

The behavior seems to match what is documented here:

https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.0.0/com.ibm.java.security.component.70.doc/security-component/jsse2Docs/matchsslcontext_tls.html#matchsslcontext_tls

 

But the above feature was added in SR9FP50.

 

Does anyone know what changed after pap6470sr10fp1-20170215_01(SR10 FP1)))  and through pap6470sr10fp10-20170726_05(SR10 FP10))) that would require adding "com.ibm.jsse2.overrideDefault TLS=true'" to the JVM command line for tomcat to work correctly with TLS 1.1/1.2?

Updated on 2018-10-17T13:53:58Z at 2018-10-17T13:53:58Z by MrTuVo