Question & Answer
Question
A map is making a SOAP call as follows:
= VALID( GET("SOAP", "-RAW -SA 'http:<address>' -T m4soap.mtr -TRANSPORT 'HTTP (-HDR+ -METHOD POST -URL <endpoint -TYPE text/xml -TV m4http.mtr)' ", PACKAGE( xmlScrub ) ), LASTERRORCODE()+": "+LASTERRORMSG() )
Error returned in trace file: m4http.mtr
= VALID( GET("SOAP", "-RAW -SA 'http:<address>' -T m4soap.mtr -TRANSPORT 'HTTP (-HDR+ -METHOD POST -URL <endpoint -TYPE text/xml -TV m4http.mtr)' ", PACKAGE( xmlScrub ) ), LASTERRORCODE()+": "+LASTERRORMSG() )
Error returned in trace file: m4http.mtr
WSAConnectSSL: SSL_ERROR_SYSCALL: System call error (10054).
WSAConnectSSL:
Failure: SSL connection NOT established with target server, <server_address>, on port, 443.
Socket Closed.
WSAConnectSSL:
Failure: SSL connection NOT established with target server, <server_address>, on port, 443.
Socket Closed.
How can we get TLS 1.2 supported?
Cause
The endpoint manager was migrated from TLS 1.0 / TLS 1.1 to TLS 1.2.
Answer
Environment: WTX 8.4.1 on Windows, "HTTP Adapter, Version 8.4.1(7)" which would be IBM WebSphere Transformation Extender Secure Adapter Collection V8.4.1.4 build 7. Meaning, this level already has TLS 1.2 support for the WTX HTTP / SOAP adapter.
See the following applicable "release notes" URL where TLS 1.2 support was added:
"Release Notes for IBM WebSphere Transformation Extender Secure Adapter Collection, V8.4.1.3 - V8.4.1.5"
Reference section: "Support for TLS V1.2 protocol and NIST SP 800-131A"
Note also that there is mention therein of the new m4gskssl module which provides this enhanced SSL and TLS security. The m4gskssl module is activated after you install and configure IBM GSKit. When you do not install IBM GSKit and configure it on the library path of your platform, the legacy mercssl module is used.
In other words, for TLS 1.2 support, it is mandatory to install and configure IBM GSKit. That is, if you are not already using GSKit for your existing TLSv1 or TLSv11.
Lastly, there are settings in the dtx.ini file for GSKit-based implementations. See the bottom section of the dtx.ini starting with...
;===============================================================================
; The following sections are used by the WTX GSKit-based SSL subsystem.
; The "SSL_CLIENT" section is used by the WTX HTTP/S and FTP/S adapters.
; The "SSL_SERVER" section is used by the WTX Launcher Agent.
;-------------------------------------------------------------------------------
See the following applicable "release notes" URL where TLS 1.2 support was added:
"Release Notes for IBM WebSphere Transformation Extender Secure Adapter Collection, V8.4.1.3 - V8.4.1.5"
Reference section: "Support for TLS V1.2 protocol and NIST SP 800-131A"
Note also that there is mention therein of the new m4gskssl module which provides this enhanced SSL and TLS security. The m4gskssl module is activated after you install and configure IBM GSKit. When you do not install IBM GSKit and configure it on the library path of your platform, the legacy mercssl module is used.
In other words, for TLS 1.2 support, it is mandatory to install and configure IBM GSKit. That is, if you are not already using GSKit for your existing TLSv1 or TLSv11.
Lastly, there are settings in the dtx.ini file for GSKit-based implementations. See the bottom section of the dtx.ini starting with...
;===============================================================================
; The following sections are used by the WTX GSKit-based SSL subsystem.
; The "SSL_CLIENT" section is used by the WTX HTTP/S and FTP/S adapters.
; The "SSL_SERVER" section is used by the WTX Launcher Agent.
;-------------------------------------------------------------------------------
Related Information
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSVSD8","label":"IBM Transformation Extender"},"Component":"HTTPS\/SOAP Adapter","Platform":[{"code":"PF033","label":"Windows"}],"Version":"8.4.1","Edition":"","Line of Business":{"code":"LOB59","label":"Sustainability Software"}}]
Was this topic helpful?
Document Information
Modified date:
05 August 2020
UID
ibm10871850