[Info-vax] blocking tls-1.0 and tls-1.1
Arne Vajhøj
arne at vajhoej.dk
Fri Mar 6 21:42:31 EST 2020
On 3/6/2020 7:36 AM, Neil Rieck wrote:
> This is a reminder that modern browsers will begin blocking tls-1.0
> and 1.1 this month (2020-03-xx). If you have an active OpenVMS
> support contract then you should have updated the OpenSSL plugin of
> your CSWS (Apache for OpenVMS) software long before now. If you do
> not have a support contract then you might consider switching over to
> WASD (this conversion is not trivial for all sites).
>
> https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/
For those using Tomcat or any other Java based stuff:
* download BouncyCastle provider and BouncyCastle TLS
* make sure they are in classpath
* make a clone of java.security tlsfix.security
with org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
as first provider
* run Java with "-Djava.security.properties=tlsfix.security"
then TLS 1.2 will work.
Arne
More information about the Info-vax
mailing list