I am trying to enable TLSv1.1 version in WSO2 APIM 4.2 by following this documentation, but it does not seem to be working.
To test the configuration, I am using the testsslserver.jar tool:
java -jar testsslserver.jar localhost 9443
java -jar testsslserver.jar localhost 8243
java -jar TestSSLServer.jar localhost 8243
Supported versions: TLSv1.2
Deflate compression: no
Supported cipher suites (ORDER IS NOT SIGNIFICANT):
TLSv1.2
RSA_WITH_AES_128_CBC_SHA
DHE_RSA_WITH_AES_128_CBC_SHA
RSA_WITH_AES_256_CBC_SHA
DHE_RSA_WITH_AES_256_CBC_SHA
RSA_WITH_AES_128_CBC_SHA256
RSA_WITH_AES_256_CBC_SHA256
DHE_RSA_WITH_AES_128_CBC_SHA256
DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
----------------------
Server certificate(s):
817cfa10c038e0f202c9bdddddddd8b2fe15a7a: CN=localhost, OU=WSO2, O=WSO2, L=Mountain View, ST=CA, C=US
----------------------
Minimal encryption strength: strong encryption (96-bit or more)
Achievable encryption strength: strong encryption (96-bit or more)
BEAST status: protected
CRIME status: protected
WARN - SourceHandler I/O error: Client requested protocol SSLv3 is not enabled or supported in server context
WARN - SourceHandler I/O error: Client requested protocol TLSv1 is not enabled or supported in server context
WARN - SourceHandler I/O error: Client requested protocol TLSv1.1 is not enabled or supported in server context
First, you need to check whether TLSv1.1 is enabled in your JDK. In latest jdk versions, TLSv1.1 is disabled by default. In order to enable it, you can follow below steps.
If the TLSv1.1 is disabled in the JDK, APIM server will not be able to use TLSv1.1 even if you configured the HttpsProtocols.