New Java properties to set default TLS version

New in PolicyCenter 9.0.5 is the ability to use Java system properties to set the default TLS version to use on outgoing secured connections. Use these property overrides to provide a comma-separated list of TLS protocol versions. PolicyCenter uses the first item on the list as the preferred protocol. If that protocol is not available, PolicyCenter tries the subsequent protocols on the list until the connection either succeeds or fails completely.
The following table lists the available property overrides.
Web service type Property Syntax
WS-I gw.webservices.tls.protocols -D.gw.webservices.tls.protocols="a, b"
RPC gw.tls.protocols -Dgw.tls.protocols="a, b"
In the table, a and b refer to TLS versions, for example:
  • <java> ... -D.gw.webservices.tls.protocols="TLSv1.2, TLSv1.1"
Notice the following for this example:
  • The property definition indicates that TLS1.2 is the preferred protocol. However, if TLS1.2 is not available, PolicyCenter attempts to use TLS 1.1 instead.
  • The property definition affects only client WS-I web service calls.

See also