In an effort to provide the highest level of security to integration partners, Middleware and Integration Services (MaIS) is upgrading the infrastructure to support only Transport Layer Security (TLS) version 1.2.
Any communication using less than version TLS 1.2 will not be able to get/post data to MaIS. In order to continue to consume Registry data, client applications must be updated to align with our infrastructure change.
All clients are required to enable SSL version TLS v1.2 for all applications connecting to MaIS.
Please follow these steps for Java-based harvester applications. Note that Java7 supports TLSv1.2, however it is not enabled by default
Step 1: Make changes to application startup script
This can be done in two ways.
First Method: Using the system parameter in the application startup script
If your application has a need to communicate with other systems that use TLSv1.0 or TLSv1.1, then you need to add all three protocol versions in the system parameter as below.
-Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
If your application is only communicating with MaIS then only TLSv1.2 protocol version can be added in the system parameter as below.
-Dhttps.protocols=TLSv1.2
Second Method: Using the System.setProperty
If your application has a need to communicate with other systems (other than MaIS) which may be using TLSv1 or TLS1.1 protocols, then you need to add all the three protocol versions in the system property as below.
System.setProperty(“https.protocols”, “TLSv1,TLSv1.1,TLSv1.2”);
If your application is only communicating with MaIS then only TLSv1.2 protocol version can be added in the system property as below.
System.setProperty(“https.protocols”, “TLSv1.2”);
Step 2: Restart your application and test in UAT
- Make sure your application is able to successfully get/post data to and from MaIS applications.
- Report any issues with UAT by sending an email to as-mais-analysts@lists.stanford.edu
Related reference for TLS/SSL upgrade
- https://blogs.oracle.com/java-platform-group/entry/diagnosing_tls_ssl_and_https
- http://fsanglier.blogspot.com/2015/04/java-7-and-tlsv12-supported-but-not-enabled.html
IMPORTANT: Clients using non-Java harvesters must also update and test their integration with MaIS.
Please contact as-mais-analysts@lists.stanford.edu for any questions or concerns.
