Hello, we are in the process of upgrading our PeopleTools from 855 to 856. Oracle recommends that we use TLS instead of SSL. We are having some issues enabling TLS on the load balancer for now so we are thinking about using SSL temporarily. We are wondering whether anyone is still using SSL with PT 856? We would really appreciate any input in terms of pitfalls we need to watch out for, etc. Thank you! Alex.
Thanks Chamanthi! I had an issue with my login and sorry for the late response. We will read your suggestions through and ask if we have additional questions. Thanks again! Alex.
The below is what one of our system admin guys provided without knowing the version details that you are on:
TLS is not enabled by default in PeopleTools, but it is easy to enable on all the configuration files.
For App server and Batch Server
Modify JavaVM options parameter in the Appserver (psappsrv.cfg) and Batch server (psprcs.cfg) config files
JavaVM Options=-Dxdo.ConfigFile=%PS_HOME%/appserv/xdo.cfg -Xms32m -Xmx128m -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
Also, PeopleTools supports TLS for SMTP security. To use TLS with PeopleTools, you need to add these parameters manually to the PSAPPSRV.CFG file and PSPRCS.CFG file in the SMTP settings section, and set to true.
Enable TLS-Only On WebLogic
In setEnv.cmd or setEnv.sh, JAVA_OPTION needs to be appended with -Dweblogic.security.SSL.protocolVersion=TLS1
For example, in setEnv.cmd (Windows):
SET JAVA_OPTIONS_WIN=-jrockit -XnoOpt -XXnoJITInline -Xms512m -Xmx512m -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform -Dweblogic.security.SSL.protocolVersion=TLS1
PIA requires a restart after this change, and the PIA service also needs to be reinstalled or the command line needs to be modified.
LDAP or Directory connection
For an LDAP or Directory server that is configured to accept only TLS 1.2 connections, a code change to $PS_HOME/appserv/classes/psft/pt8/pshttp/PSLdapSSLSocketFactory.class is required so that it uses TLSv1.2 instead of SSL for the below code line.
SSLContext sslcontext = SSLContext.getInstance("SSL");
needs to be changed to
SSLContext sslcontext = SSLContext.getInstance("TLSv1.2");
Also, if they are using SES, there are changes that need to be made as described in the PeopleTools online document -> Enforcing a Specific TLS Version in PeopleSoft with SES
PT8.56 system and server administration guide (Link)