Forcing TLS V1.0

We are using mendelson opensource OFTP2 1.0 build 35 for data exchange with our customer VW/AUDI.

We are getting SSL handshake failures when the VW OFTP2 server is trying to establish a connection to our OFTP2 server.

Actively establishing the connection from our OFTP2 server to the remote server works fine.

Running mendelson OFTP2 in SSL debug mode shows that sometimes TLS V1.2 is used. The VW OFTP2 server only supports TLS V1.0.

Is there an option to force mendelson OFTP2 to use TLS V1.0 instead of TLS V1.2?

Thanks in advance.

Comments

Matthias Vogel,

We offer the protocols "TLSv1.2", "TLSv1.1", "TLSv1" in the server (see sslFilter.setEnabledProtocols(OFTP2Server.SSL_PROTOCOL_LIST); in the class OFTP2Server.java). This means this is unexpected behavior, as the mendelson OFTP2 server offers TLSv1.0. Perhaps this is a Java VM issue; TLSv1.0 might be disabled in your VM? Which Java VM are you running?
Please have a look at the file jre/lib/security/java.security. Is there a line like "jdk.tls.disabledAlgorithms=TLSv1"?

On the other side: Perhaps this is a good time to ask your partner to update to an actual OFTP2 implementation, see https://www.odette.org/publications/file/new-oftp2-implementation-guide… - TLSv1.2 is recommended.

Regards

Permalink

Thanks for the response.

We are using the Java VM installed by the mendelson OFTP2 installer (OS is Windows 7). The java.exe has version 8.0.51.16.

The file jre\lib\security\java.security contains the following line:

jdk.tls.disabledAlgorithms=SSLv3, DH keySize < 768

So TLSv1 seems not to be disabled.

To your suggestion to ask our partner to update: We are a small special machinery manufacturer. Asking VW to use an actual OFTP2 implementation might have no effect :-)

But I'll give it a try.

Are there other security settings that play a role for using TLSv1?

Can it be helpful to do a fresh install of the OFTP2 software?
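
The check suggested in the reply above, as an added example that is not part of the thread or of mendelson OFTP2: a small Java program that prints the effective jdk.tls.disabledAlgorithms value and, for each protocol name the reply lists, whether the JVM supports it and enables it by default on the server side. The class name TlsProtocolCheck is an assumption; run it with the same java.exe that the OFTP2 server uses.

```java
import java.security.Security;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;

// Added diagnostic (hypothetical class name), not mendelson OFTP2 code.
public class TlsProtocolCheck {

    // Protocol names the reply says the server offers.
    static final List<String> OFFERED = Arrays.asList("TLSv1.2", "TLSv1.1", "TLSv1");

    // Split the comma-separated security property into trimmed entries.
    static List<String> disabledEntries(String property) {
        List<String> entries = new ArrayList<>();
        if (property != null) {
            for (String part : property.split(",")) {
                if (!part.trim().isEmpty()) {
                    entries.add(part.trim());
                }
            }
        }
        return entries;
    }

    public static void main(String[] args) throws Exception {
        // Effective value as the running JVM sees it, including any override
        // file given with -Djava.security.properties.
        String raw = Security.getProperty("jdk.tls.disabledAlgorithms");
        List<String> disabled = disabledEntries(raw);
        System.out.println("jdk.tls.disabledAlgorithms = " + raw);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, null, null);       // default key and trust managers
        SSLEngine engine = ctx.createSSLEngine();
        engine.setUseClientMode(false);   // inbound connections use server mode

        List<String> supported = Arrays.asList(engine.getSupportedProtocols());
        List<String> enabled = Arrays.asList(engine.getEnabledProtocols());

        for (String p : OFFERED) {
            System.out.println(p
                    + ": supported=" + supported.contains(p)
                    + ", enabledByDefault=" + enabled.contains(p)
                    + ", listedAsDisabled=" + disabled.contains(p));
        }
    }
}
```

The output describes the JVM only; the list the server passes to sslFilter.setEnabledProtocols still decides which of these protocols are offered on a connection.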