WebSphere 多 SSL 版本支持
WebSphere Multiple SSL Version Support
我正在 运行 构建一个与各种 API 进行通信的 Web 应用程序。一个 API 需要 TLSv1.2,而另一个不支持当前的东西(TLSv1 或 TLSv1.1)。
Websphere 是否支持多个 SSL 版本?
我找到了有关成功更改 SSL 版本的文档,但是我确实需要能够 运行 TLSv1.1 和 1.2 一起(如果可能的话)或 运行 一个一个应用程序的版本,另一个应用程序的另一个版本。
根据 documentation 在 WebSphere 中设置 SSL,为了支持使用 TLS 1.0、1.1 和 1.2,我需要启用 SSL_TLSv2:
Question: WAS is act SSL client, What does remote SSL server support
only TLSv1.0 or TLSv1.1 and Similar WAS is act SSL Server, What does
Remote SSL client does support only TLSv1.0 or TLSv1.1 or TLSv1.2.
What to do in order to work such environments?
Answer: There is an alternative option, SSL_TLSv2, which will enable
support for TLSv1.0, TLSv1.1, and TLSv1.2 in the environment. Please
use this setting SSL_TLSv2 in environments where support for multiple
TLS protocols is required, or if you are not sure whether your WAS
environment interacts with other servers or clients using non-TLSv1.2
protocols then, you can configure WAS to use SSL_TLSv2 using same
steps as given in the above.
Note:
Without poddle fix and configured WAS to use SSL_TLSv2
SSL_TLSv2 ==> Enables all SSL v3.0 and TLS v1.0, v1.1 and v1.2
protocols. Accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2
format hello.
If you installed Poddle fix (will disable SSLv3 ) and configured WAS
to use SSL_TLSv2
SSL_TLSv2 ==> Enables these three TLS v1.0, v1.1 and v1.2 protocols.
因此,将 QoS 设置更改为 SSL_TLSv2 允许在需要时对多个 TLS 版本进行 SSL 握手。
我正在 运行 构建一个与各种 API 进行通信的 Web 应用程序。一个 API 需要 TLSv1.2,而另一个不支持当前的东西(TLSv1 或 TLSv1.1)。
Websphere 是否支持多个 SSL 版本?
我找到了有关成功更改 SSL 版本的文档,但是我确实需要能够 运行 TLSv1.1 和 1.2 一起(如果可能的话)或 运行 一个一个应用程序的版本,另一个应用程序的另一个版本。
根据 documentation 在 WebSphere 中设置 SSL,为了支持使用 TLS 1.0、1.1 和 1.2,我需要启用 SSL_TLSv2:
Question: WAS is act SSL client, What does remote SSL server support only TLSv1.0 or TLSv1.1 and Similar WAS is act SSL Server, What does Remote SSL client does support only TLSv1.0 or TLSv1.1 or TLSv1.2. What to do in order to work such environments?
Answer: There is an alternative option, SSL_TLSv2, which will enable support for TLSv1.0, TLSv1.1, and TLSv1.2 in the environment. Please use this setting SSL_TLSv2 in environments where support for multiple TLS protocols is required, or if you are not sure whether your WAS environment interacts with other servers or clients using non-TLSv1.2 protocols then, you can configure WAS to use SSL_TLSv2 using same steps as given in the above.
Note:
Without poddle fix and configured WAS to use SSL_TLSv2
SSL_TLSv2 ==> Enables all SSL v3.0 and TLS v1.0, v1.1 and v1.2 protocols. Accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
If you installed Poddle fix (will disable SSLv3 ) and configured WAS to use SSL_TLSv2
SSL_TLSv2 ==> Enables these three TLS v1.0, v1.1 and v1.2 protocols.
因此,将 QoS 设置更改为 SSL_TLSv2 允许在需要时对多个 TLS 版本进行 SSL 握手。