on 2018 Oct 18 8:00 PM
Hello everyone,
My JVM is 6.1 patch 096. According to note 0002417205 support for TLS 1.0 to 1.2 is available and working since JVM 6.1 patch 093.
My SERVERCORE component is 7.31 so it should support TLS1.0 to 1.2 communications according to note 2284059.
My questions are the following:
Will I have to change any kind of configuration for IdM to properly work if support for TLS 1.0 is ended? My outgoing connections use standard SAP provided scripts with ABAP, HANA and JAVA environments. I have not modified any of the java libraries for these connections.
If an upgrade to JVM 8 is mandatory, will this break my current installation of IDM? Will any of the standard scripts cease to work? Will I have to upgrade our kernel from 7.31 to 7.50?
I'm using Eclipse Oxygen.2 Release (4.7.2). Will this keep working and display IdM properly?
Please, if there's anything I missed. Let me know and I'll provide it.
Hi Marcos,
My IdM system is also running on SAP JVM8 and IdM 8 combination. Eclipse is Neon.
It should be fairly easy to switch JVM for SAP IdM. You do not have to upgrade SAP NW JAVA's JVM. They can choose different JVMs.
The simpliest way I guess is to backup your JVM6 and copy the JVM8 to a new folder, then change the setting of IdM runntime (dispatchers) to use the new JVM. Anothing goes wrong, you can switch them back.
Cheers
Chenyang
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Thank you for your answers and interest Chenyang. I have my final questions that I hope you can help me with:
The environments that my IdM is connected to will stop accepting any kind of TLS 1.0 communication which I understand is the default used by IdM.
- Is there someway in which I can make/force IdM to only use TLS 1.2 with both outbound and incoming connections?
- By pointing the dispatchers settings to an updated version of my jvm.dll and jdbc jar will that be enough or is there a configuration within IdM that I need to change or a setting to toggle?
- Will I have to change something in eclipse as well?
Hi Marcos,
Which IdM version you are running on? I assume upgrading to JVM8 will have no impact to your IdM implementation, unless you are using some Java functions that are specific to JVM6 and below.
TLS1.0 or 1.2 are using for HTTP type of communication. It has no impact to the ABAP connection. You need to test the Java and HANA connection, as well as your eclipse connection.
Cheers
Chenyang
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Chenyang, thanks for the answer.
My IdM version is 8.0.
I'm glad that ABAP connections won't break. Is there something specific that happens with JVM 8 that I'll have to check the HANA and Java connections?
Also
-Is there a version of eclipse that's guaranteed to work if I upgrade to JVM 8? Or is this a trial and error thing?
-Is JVM 8 supporting all of the JVM 6 connections, tasks and activities or was something dropped or changed? We are not using any specific configuration on our NW to run IdM. I understand that note 2514308 is mentioning that we can have an installation of JVM 8 and components will keep working. But will an upgrade of our NW 7.31 SP22 be necessary to support JVM 8?
JDK 8 uses TLS1.2 by default. I don't think you need to do anything to enforce that, because it is usually done on the server side.
If you really need to enforce it from the client side (your IdM dispatchers), please read this document (How to change the protocol version on client side).
https://www.java.com/en/configure_crypto.html
To switch to a new JDK, I think you will need the full set of JDK, not the JVM.dll itself. I think it should be fairly straight forward.
Eclipse is the IdM design time and I believe it is already running on JDK 8?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
69 | |
13 | |
10 | |
10 | |
9 | |
9 | |
6 | |
6 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.