[Info-vax] blocking tls-1.0 and tls-1.1
Arne Vajhøj
arne at vajhoej.dk
Fri Mar 6 21:57:35 EST 2020
On 3/6/2020 9:42 PM, Arne Vajhøj wrote:
> On 3/6/2020 7:36 AM, Neil Rieck wrote:
>> This is a reminder that modern browsers will begin blocking tls-1.0
>> and 1.1 this month (2020-03-xx). If you have an active OpenVMS
>> support contract then you should have updated the OpenSSL plugin of
>> your CSWS (Apache for OpenVMS) software long before now. If you do
>> not have a support contract then you might consider switching over to
>> WASD (this conversion is not trivial for all sites).
>>
>> https://www.zdnet.com/article/browsers-to-block-access-to-https-sites-using-tls-1-0-and-1-1-starting-this-month/
>>
> For those using Tomcat or any other Java based stuff:
> * download BouncyCastle provider and BouncyCastle TLS
> * make sure they are in classpath
> * make a clone of java.security tlsfix.security
> with org.bouncycastle.jsse.provider.BouncyCastleJsseProvider
> as first provider
> * run Java with "-Djava.security.properties=tlsfix.security"
> then TLS 1.2 will work.
Forgot to say that it is not necessary for Java 1.8 (Itanium)
as Java 1.8 support TLS 1.2 out of the box.
Arne
More information about the Info-vax
mailing list