我正在运行一个与各种 API 通信的网络应用程序。一个 API 需要 TLSv1.2,而另一个 API 不支持最新的东西(TLSv1 或 TLSv1.1)。
Websphere 是否支持多个 SSL 版本?
我找到了有关成功更改 SSL 版本的文档,但我确实需要能够同时运行 TLSv1.1 和 1.2(如果可能的话),或者为一个应用程序运行一个版本而为另一个应用程序运行另一个版本。
最佳答案
根据 documentation为了在 WebSphere 中设置 SSL,以支持使用 TLS 1.0、1.1 和 1.2,我需要启用 SSL_TLSv2:
Question: WAS is act SSL client, What does remote SSL server support only TLSv1.0 or TLSv1.1 and Similar WAS is act SSL Server, What does Remote SSL client does support only TLSv1.0 or TLSv1.1 or TLSv1.2. What to do in order to work such environments?
Answer: There is an alternative option, SSL_TLSv2, which will enable support for TLSv1.0, TLSv1.1, and TLSv1.2 in the environment. Please use this setting SSL_TLSv2 in environments where support for multiple TLS protocols is required, or if you are not sure whether your WAS environment interacts with other servers or clients using non-TLSv1.2 protocols then, you can configure WAS to use SSL_TLSv2 using same steps as given in the above.
Note:
Without poddle fix and configured WAS to use SSL_TLSv2
SSL_TLSv2 ==> Enables all SSL v3.0 and TLS v1.0, v1.1 and v1.2 protocols. Accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
If you installed Poddle fix (will disable SSLv3 ) and configured WAS to use SSL_TLSv2
SSL_TLSv2 ==> Enables these three TLS v1.0, v1.1 and v1.2 protocols.
因此,将 QoS 设置更改为 SSL_TLSv2 允许在需要时对多个 TLS 版本进行 SSL 握手。
关于ssl - WebSphere 多 SSL 版本支持,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40590552/