Forcing TLS 1.2

From Observer GigaFlow Support | VIAVI Solutions Inc.
Revision as of 15:04, 15 August 2022 by Kevin Wilkie (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

You can force the JRE to only allow specific TLS versions. Edit the gigaflow start service file /etc/systemd/system/gigaflow.service Change the ExecStart line to include

-Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2

An example of how it should now loog

ExecStart=/opt/java/bin/java -Xms364M -Xmx16000M  -Dhttps.protocols=TLSv1.2 -Djdk.tls.client.protocols=TLSv1.2 -Djava.library.path=./dist/lib/ -Djava.awt.headless=true -XX:+CrashOnOutOfMemoryError -XX:+HeapDumpOnOutOfMemoryError  -classpath ./dist/ROS.jar:./dist/lib/* ros.ROS

When done, reload the services file and then gigaflow service

systemctl daemon-reload
systemctl restart gigaflow