If the directory/file paths specified in this guide do not exist in your WSO2 product, see Directory Structure of WSO2 Products to locate the paths applicable to your product.
Page Comparison - Configuring Transport Level Security (v.40 vs v.41) - Administration Guide 4.4.x - WSO2 Documentation

...

The transport-level security protocol of the Tomcat server is configured in the <PRODUCT_HOME>/repository/conf/tomcat/catalina-server.xml file. By default, "TLS" is configured as the SSL protocol for HTTPS communication by setting the sslProtocol="TLS" attribute in the catalina-server.xml file. Specifying TLS as the SSL protocol ensures that all TLS versions, as well as SSL protocol versions, are supported. However, due to the POODLE attack, it is necessary to make sure that only TLS protocol versions are enabled.

Note that in some WSO2 products, such as WSO2 Enterprise Integrator (ESB profile) and WSO2 API Manager, pass-thru transports are enabled. Therefore, to disable SSL in such products, the axis2.xml file stored in the <PRODUCT_HOME>/repository/conf/axis2/ directory should also be configured.

...

The TLS protocol is set to TLSv1.0 (by default) in WSO2 products running on JDK 1.7. You cannot configure this using the catalina-server.xml file or the axis2.xml file as we do with products based on JDK 1.7. Therefore, you need to enable TLSv1.1 and TLSv1.2 globally by setting a system property.

  1. Download the following artifacts:
  2. Copy the wso2-ssl-socket-factory-provider-1.0.0.jar file to the <PRODUCT_HOME>/lib/endorsed directory.
  3. Copy the wso2-ssl-security file to the <PRODUCT_HOME>/repository/conf/ directory.
  4. Open the product startup script (wso2server.sh for Linux, or wso2server.bat for Windows), which is stored in the <PRODUCT_HOME>/bin directory.

  5. Add the following system properties to the script:

    -Djdk.tls.client.protocols="TLSv1.1,TLSv1.2" \
    -Djava.security.properties="$CARBON_HOME/repository/conf/wso2-ssl-security" \
  6. Start the server.
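
As an added example (not part of the WSO2 documentation), the following shell function checks that steps 2 to 5 were applied to a product home before the server is started. The function names and the sample directory built by make_sample_home are constructed for illustration; the file names and property values are the ones given in the steps above.

```shell
# check_tls_setup PRODUCT_HOME: verify steps 2-5; print findings, return 0 only if all pass.
check_tls_setup() {
    home=$1; script="$home/bin/wso2server.sh"; rc=0
    for f in lib/endorsed/wso2-ssl-socket-factory-provider-1.0.0.jar \
             repository/conf/wso2-ssl-security bin/wso2server.sh; do
        [ -f "$home/$f" ] || { echo "MISSING file: $f"; rc=1; }
    done
    [ -f "$script" ] || return 1
    # Ignore commented-out lines so a disabled property does not count as set.
    active=$(grep -v '^[[:space:]]*#' "$script" || true)
    protos=$(printf '%s\n' "$active" |
        sed -n 's/.*-Djdk\.tls\.client\.protocols="\{0,1\}\([^" ]*\).*/\1/p' | head -n 1)
    if [ -z "$protos" ]; then
        echo "MISSING property: jdk.tls.client.protocols"; rc=1
    fi
    # Anything other than the two versions this procedure enables is reported.
    for p in $(printf '%s' "$protos" | tr ',' ' '); do
        case $p in
            TLSv1.1|TLSv1.2) ;;
            *) echo "UNEXPECTED protocol: $p"; rc=1 ;;
        esac
    done
    if ! printf '%s\n' "$active" | grep -q -e \
        '-Djava\.security\.properties="\{0,1\}[^" ]*/repository/conf/wso2-ssl-security'; then
        echo "MISSING property: java.security.properties -> wso2-ssl-security"; rc=1
    fi
    return $rc
}

# Constructed sample layout (not a real WSO2 installation) for trying the check.
make_sample_home() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/lib/endorsed" "$d/repository/conf"
    : > "$d/lib/endorsed/wso2-ssl-socket-factory-provider-1.0.0.jar"
    : > "$d/repository/conf/wso2-ssl-security"
    cat > "$d/bin/wso2server.sh" <<'EOF'
java \
    -Djdk.tls.client.protocols="TLSv1.1,TLSv1.2" \
    -Djava.security.properties="$CARBON_HOME/repository/conf/wso2-ssl-security" \
    org.example.Main
EOF
    echo "$d"
}

demo_home=$(make_sample_home)
check_tls_setup "$demo_home" && echo "TLS setup OK: $demo_home"
```

On a real installation, call check_tls_setup with the path to <PRODUCT_HOME>; each finding is printed on its own line and the exit status is non-zero if any check fails.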

...