Question

How to configure HTTP connector to connect to external system on TLS 1.2?

Our application has to connect to external system through HTTP on TLS 1.2.

SOAP connector rules have the configurations to set TLS 1.2, but couldn't find such in HTTP connector.

How to configure HTTP connector to connect to external system on TLS 1.2?

Pega Version used is 7.1.8

Websphere (application server) version - 7.0.0.33

Regards,

Hareen


Correct Answer
April 7, 2016 - 10:34pm

invokeHTTPConnector activity step 2 has the protocol hard coded as "TLS".

Below changes were made to fix this:

1.  Updated step 2 in the activity InvokeHTTPConnector to comment out the hard-coding of the protocol "TLS".
2.  Updated SSL outbound calls at websphere to send the requests in TLS 1.2 for the specific outbound URL.

Requests are going in TLS 1.2 after these changes.
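
An added example, not part of the original thread and not Pega's code: assuming the `protocol` string in the Java step is used as a JSSE protocol name for `SSLContext.getInstance` (the thread does not show this), the stand-alone class below prints which protocol versions the running JRE enables for the generic name "TLS" versus "TLSv1.2", and pins an engine to TLS 1.2 only. The class and method names are hypothetical.

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters;
import java.util.Arrays;

// Hypothetical helper class; run it on the same JRE the application server uses.
public class TlsProtocolCheck {

    // Protocol versions a client-mode engine offers by default when the
    // context is created with the given JSSE protocol name.
    static String[] defaultClientProtocols(String protocolName) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocolName);
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        return engine.getEnabledProtocols();
    }

    // Restrict an engine to exactly one version, whatever name built the context.
    // Fails early if the JRE/provider does not support that version at all.
    static String[] pinTo(String protocolName, String version) throws Exception {
        SSLContext ctx = SSLContext.getInstance(protocolName);
        ctx.init(null, null, null);
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        if (!Arrays.asList(supported).contains(version)) {
            throw new IllegalStateException(version + " is not supported by this JRE/provider");
        }
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(true);
        SSLParameters params = engine.getSSLParameters();
        params.setProtocols(new String[] { version });
        engine.setSSLParameters(params);
        return engine.getEnabledProtocols();
    }

    public static void main(String[] args) throws Exception {
        // The enabled set for each name depends on the JRE and provider,
        // so print it rather than assume it.
        for (String name : new String[] { "TLS", "TLSv1.2" }) {
            System.out.println(name + " -> " + Arrays.toString(defaultClientProtocols(name)));
        }
        System.out.println("pinned -> " + Arrays.toString(pinTo("TLS", "TLSv1.2")));
    }
}
```

If the first line of output for "TLS" does not list TLSv1.2, a generic "TLS" context on that JRE will not offer TLS 1.2 unless the protocol list is set explicitly or overridden at the application-server level.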

Comments


December 22, 2015 - 6:57pm

Line 143 of Step 2 (Java Step), in InvokeHTTPConnector activity dictates the TLS version for HTTP Connectors.

There are two ways from here:

  1. Specialize InvokeHTTPConnector activity so all HTTP connectors use the new TLS version
  2. Specialize the same activity, but have it reflect the same code as REST connectors; this has the benefit of allowing connector rules to specify the SSL/TLS version:
    1. Change Line 143 to the code snippet below:
    2. Specialize Section Rule-Connect-HTTP.RuleFormLayout to include section Rule-Connect-.pzSSLConfiguration

     String protocol = myStepPage.getString("pySSLProtocolVersion");

N.B. You should record any changes as upgrade dependencies as the feature may be available in future versions and your specializations will mask any updates in that area.

December 23, 2015 - 2:39am
Response to JoelMcLeish

Hi Joel,

Thanks for the reply, can you advise me on below please?

1. Line 143 in step 2 (Java) of InvokeHTTPConnector has below line, does this mean all the HTTP connectors use TLS now?

     String protocol = "TLS";

2. How does pega decide which TLS version (1.1 or 1.2) to use?

3. We are using Websphere application servers 7.0.0.1 /  7.0.0.33 in our environment, does use of the TLS versions depend on Pega's version used alone or is there any dependency on Websphere version?

4. Couldn't find pzSSLConfiguration section in ML 7.1.8, which ruleset / version has this rule?

Regards,

Hareen

December 23, 2015 - 2:50am
Response to Hareen.Yadlapalli

Hey Hareen,

I'm not intimately familiar with what choosing TLS will do unfortunately as I'm not deeply versed in the library it utilizes (professional services rather than engineering.)

pzSSLConfiguration definitely exists; try searching as old:pzSSLConfiguration, it may be marked internal.

If you look at that section, it should link to the acceptable values for that field if you just wanted to hard code it in the Java step.

December 26, 2015 - 1:32pm
Response to Hareen.Yadlapalli

Hareen, you could try what Joel suggested. But I must ask you, isn't switching to REST connector instead of HTTP connector an option for you? We are encouraging our customers to prefer REST connectors to HTTP connectors as REST is more actively maintained and enhanced.
