During the testing ,seems JDK8, 11 are not quite compatible with TLS 1.3 .We need to disable tls 1.3 to make sure all applications to work well. Here is the introduction How.
TLS is a protocol that is used to safely communicate between the web browser and the Horizzon Server. When you use the Horizzon Server in combination with Java 11 Open JDK, TLS version 1.2 is enabled by default. Older versions of TLS, like 1.0 and 1.1 can be labeled as unsafe. If your organization policy requires you to actively disable these protocols, there are two ways to do this. The first is the quick solution, the second is the recommended solution.
Add the correct protocol version to the server.wrapper.conf file
Add the following line to the server.wrapper.conf file in the conf folder of the Horizzon Server installation and save the changes:
wrapper.java.additional.10 = -Dhttps.protocols=TLSv1.2
Disable older versions in Java
Disable older versions in Java, applying this change to all programs using your Java (so not only for the Bizzdesign Horizzon Server). To do this, edit the java.security file. It can be found in the following location:
...../<java installation folder>/conf/security
Add the algorithms you want to disable to the jdk.tls.disabledAlgorithms property in the file and save the changes. For example, disabling TLS1.0 and TLS1.1 would look as follows:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL**, TLSv1, TLSv1.1**
For more information, please refer to https://www.java.com/en/configure_crypto.html#DisableTLS.
网友评论