So on the message processor, to restrict protocols, you have to add a property in message-processor.properties like below:
# Possible values are a comma-delimited list of SSLv3, TLSv1, TLSv1.1, TLSv1.2# Ensure that you include SSLv3
conf/jvmsecurity.properties+jdk.tls.disabledAlgorithms=SSLv3,TLSv1,TLSv1.1
This adds the value in /APIGEE_HOME/edge-message-processor/conf/jvmsecurity.properties which is fine.
However, system.properties seems to reference jvmsecurity.properties on a relative path
java.security.properties=../conf/jvmsecurity.properties
I don't think this is something I configured at install time, though I might be mistaken. The gist of it is that if I start message processor up from the /APIGEE_HOME/edge/message-processor/conf directory, the tls disabled algorithms settings take. If I'm not in that directory, it doesn't seem to, and I suspect the relative path. I'm just doing a regular
apigee-service edge-message-processor start
Anyone else able to successfully change jvmsecurity.properties settings?
User | Count |
---|---|
7 | |
2 | |
2 | |
2 | |
1 |