PT 856 and TLS vs. SSL

    Hello, we are in the process of upgrading our PeopleTools from 855 to 856. Oracle recommends that we use TLS instead of SSL. We are having some issues enabling TLS on the load balancer for now so we are thinking about using SSL temporarily. We are wondering whether anyone is still using SSL with PT 856? We would really appreiciate any inputs in terms of pitfalls we need to watch out, etc. Thank you!. Alex.

    Thanks Chamanthi! I had an isssue with my login and sorry for the late response. We will read your suggestions through and ask if we have additional questions. Thanks again! Alex.

    Hi there

    The below is what one of our system admin guys provided without knowing the version details that you are on:

    TLS is not enabled by default in PeopleTools , but it is easy to enable on all the configuration files.

    For App server and Batch Server

    Modify JavaVM options parameter in the Appserver (psappsrv.cfg) and Batch server (psprcs.cfg) config files

    JavaVM Options=-Dxdo.ConfigFile=%PS_HOME%/appserv/xdo.cfg -Xms32m -Xmx128m -**Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2 **

    Also, PeopleTools supports TLS for SMTP security. To use TLS with PeopleTools, you need to add these parameters manually to the PSAPPSRV.CFG file and PSPRCS.CFG file in the SMTP settings section, and set to true.





    Enable TLS-Only On WebLogic

    In setEnv.cmd or, JAVA_OPTION needs to  be appended with

    For Example , in windows setEnv.cmd (windows)

    SET JAVA_OPTIONS_WIN=-jrockit -XnoOpt -XXnoJITInline -Xms512m -Xmx512m -Dtoplink.xml.platform=oracle.toplink.platform.xml.jaxp.JAXPPlatform

    PIA requires restart after this change and also the PIA service need to be reinstalled or commandline needs to be modified.

    LDAP or Directory connection

    For LDAP or Directory server that is configured to accept only TLS 1.2 connections ,  a code change to_$PS_HOME/appserv/classes/psft/pt8/pshttp/PSLdapSSLSocketFactory.class_ is required so that it uses TLSv1.2 instead of SSL for the below code line.

    SSLContext sslcontext = SSLContext.getInstance("SSL");

    needs to be changed to

    SSLContext sslcontext = SSLContext.getInstance**("TLSv1.2");**

    Also If they are using SES, there are changes need to be made as described in the  PeopleTools online document -> Enforcing a Specific TLS Version in PeopleSoft with SES


    PT8.56 system and server administration guide (Link)

    chamanthi weerasinghe

    Hi Alex

    I had a chat with one of DBA / System Admin people.

    He said "SSL is fully supported in PT8.56"

    He is also not aware of any issues in using SSL with PT8.56 but did say TLS is the improvement to SSL 3.0.

    Hope this helps

Log in to reply

Looks like your connection to Quest Oracle Community was lost, please wait while we try to reconnect.