Composer cannot connect to the Repository - Error: ... Failed to retrieve valid security token ... could not establish trust relationship for the SSL/ TLS secure channel with authority
Deploy stays in waiting when TLS 1.0 is removed from server.xml - Invoking import callback failed: Error observed by underlying SSL/ TLS BIO: No such file or directory
DimCM: 14.4: DMDBA: DMDBA on AIX fails with "0509-130 Symbol resolution failed for /var/serena/dimensions/14.4/cm/lib/libtls13212d.a[ tls 12d.o]" error
6.1.1, Serena Deployment Automation (SDA) has enhanced security to connect through TLS 1.2, TLS 1.1, or TLS 1.0 protocols supported by Java 6 and above, and rejects connection through earlier SSL protocols such as SSLv3 and SSLv2Hello. If you have agents that have been connecting using one of the rejected protocols, your agents may try to connect through the unsupported protocol and the connection will be rejected.
Serena Mariner on Demand and Agile on Demand require SSL 3.0 or TSL 1.0 in order to access the website. By default Internet Explorer 6 and 7 have these encryption algorithms enabled. If SSL 3.0 and TLS 1.0 are disabled you will see a message that says "Internet Explorer cannot display the webpage" instead of the login page.
To get a more secure encryption it is possible to configure the system to use the SSDP (Secure Standard Dimensions) protocol. Encryption will then be provided using TLS version 3.1 using the following cipher suite: TLS _DHE_RSA_WITH_3DES_EDE_CBC_SHA
This document assumes that SSL/ TLS has already been enabled on IIS and the SBM Tomcat. It will also work if you SBM Tomcat is installed on a different server from IIS.
General Information POODLE (Padding Oracle On Downgraded Legacy Encryption): This is the result of a flaw in the SSL 3.0 protocol, and the specific attack may allow a man-in-the-middle to intercept parts of SSL-encrypted communications. BEAST (Browser Exploit Against SSL/ TLS ): This leverages weaknesses in cipher block chaining to exploit the SSL protocol.
For higher security environments Dimensions CM can be configured to encrypt all network traffic using SSL (see the Secure Sockets Layer Support appendix in the Dimensions CM Administrators Guide). When running over SSL the traffic is encrypted using TLS version 3.1 with the following cipher suite: