Tibco uses old version of cryptographic library Entrust which uses even older library IAIK from Technische Universität Graz in Austria. These are not capable of providing TLSv1.2. IAIK is properly developed and maintained (with TLS supported at least since 2014), see http://jcewww.iaik.tu-graz.ac.at/index.php/sic/News/iSaSiLk_5.0_with_TLS_1.2_support_released, but Tibco doesn't update this library on its own. If you set java.property.TIBCO_SECURITY_VENDOR="j2se" or "j2se-default" or "ibm" in bwengine.tra file (also in designer.tra) you can use security stack from JRE. To be honest only part of it due to strange implementation of Tibco SSL Socket Factory. SSLContext is acquired for hardcoded value "TLSv1", what causes limiting TLS version used to TLSv1 despite the fact that Java 7+ can use TLSv1.2. How can Tibco fix this hardcode bug? By reading private MAX field from Sun's ProtocolVersion and then using it in argument to SSLContext.getInstance(). How can we hack this Tibco bug? By manually setting supported protocols inside JRE SSL contexts. If you want to access SalesForce from BW, but you can't, you can contact me and ask for help.
czwartek, września 21, 2017
Subskrybuj:
Komentarze do posta (Atom)
0 komentarze:
Prześlij komentarz