PolicyCenter and the Transport Layer Security protocol
Guidewire applications use the TLS (Transport Layer Security) protocol when making WS-I and RPC web service connections to HTTPS endpoints. TLS is the only communication protocol that Guidewire supports for this purpose. There are multiple versions of the TLS protocol. All current releases of JDK 7 support TLS 1.0, TLS 1.1, and TLS 1.2.
The default TLS version is the underlying JDK default for the installed release of JDK 7. For the public, free (non-paid support) releases, this is TLS 1.0. However, relying on the TLS 1.0 default can cause the connection to a server to fail if the server requires either TLS 1.1 or TLS 1.2.
Setting TLS version overrides
Guidewire provides several Java property overrides to set the default TLS version to use on outgoing secured connections. You can use these property overrides with either the paid support or the free versions of JDK 7. Use these property overrides to provide a comma-separated list of TLS protocol versions. PolicyCenter uses the first item on the list as the preferred protocol. If that protocol is not available, PolicyCenter tries the subsequent protocols on the list until the connection either succeeds or fails completely.
| Web service type | Property | Syntax |
|---|---|---|
| WS-I | gw.webservices.tls.protocols | -D.gw.webservices.tls.protocols="a, b" |
| RPC | gw.tls.protocols | -Dgw.tls.protocols="a, b" |
a and b refer to TLS versions, for example: <java> ... -D.gw.webservices.tls.protocols="TLSv1.2, TLSv1.1"
- The property definition indicates that TLS 1.2 is the preferred protocol. However, if TLS 1.2 is not available, PolicyCenter attempts to use TLS 1.1 instead.
- The property definition affects only client WS-I web service calls.
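
Before setting an override, it helps to confirm which versions in the list the installed JVM can offer and, optionally, which of them a given endpoint accepts. The following is an added example, not Guidewire code and not a description of how PolicyCenter implements its fallback; the class name `TlsOverrideCheck` and its command-line arguments are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;

// Added example (hypothetical helper, not part of PolicyCenter).
// Usage: java TlsOverrideCheck "TLSv1.2, TLSv1.1" [host port]
public class TlsOverrideCheck {
    // Split a comma-separated override value into trimmed names, in preference order.
    static List<String> parse(String value) {
        List<String> out = new ArrayList<String>();
        for (String p : value.split(",")) {
            if (!p.trim().isEmpty()) out.add(p.trim());
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, used when no argument is given.
        List<String> wanted = parse(args.length > 0 ? args[0] : "TLSv1.2, TLSv1.1");
        SSLContext ctx = SSLContext.getDefault();
        List<String> supported = Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        System.out.println("JVM supports:       " + supported);
        System.out.println("Enabled by default: "
                + Arrays.asList(ctx.getDefaultSSLParameters().getProtocols()));
        for (String proto : wanted) {
            if (!supported.contains(proto)) {
                System.out.println(proto + ": not supported by this JVM, skipping");
                continue;
            }
            if (args.length < 3) {
                System.out.println(proto + ": supported by this JVM");
                continue;
            }
            // Offer only this one version to the endpoint and see whether it accepts.
            SSLSocket s = (SSLSocket) ctx.getSocketFactory()
                    .createSocket(args[1], Integer.parseInt(args[2]));
            try {
                s.setEnabledProtocols(new String[] { proto });
                s.startHandshake();
                System.out.println(proto + ": handshake OK, negotiated " + s.getSession().getProtocol());
                break; // the first version in the list that works is the one to prefer
            } catch (java.io.IOException e) {
                System.out.println(proto + ": handshake failed (" + e.getMessage() + ")");
            } finally {
                s.close();
            }
        }
    }
}
```

Run without a host and port, it only compares the list against the JVM and makes no network connection; a version that appears under "JVM supports" but not under "Enabled by default" is one that needs the override to be used.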
