Cannot access WebService configured on TLS1.2 from Worklight HTTP Adapter


I am trying to access a 3rd-party SOAP service (securedSOAPService) from the IBM Worklight 6.1 application server through an HTTP Adapter.

The following is the adapter.xml configuration of the HTTP Adapter:

<?xml version="1.0" encoding="UTF-8"?>
<wl:adapter xmlns:wl="http://www.worklight.com/integration" xmlns:http="http://www.worklight.com/integration/http" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" name="demoAdapter">
   <displayName>demoAdapter</displayName>
   <description />
   <connectivity>
      <connectionPolicy xsi:type="http:HTTPConnectionPolicyType">
         <protocol>https</protocol>
         <domain>mydomain.com</domain>
         <port>8080</port>
      </connectionPolicy>
      <loadConstraints maxConcurrentConnectionsPerNode="2" />
   </connectivity>
   <procedure name="securedSOAPService" />
</wl:adapter>

Below are the observations:

  • The service returns "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" when the service “securedSOAPService” is configured with TLS1.2.

  • When we change the service to use TLS1.0, it works fine.

I want to enable the HTTP adapter to work when the service is configured on TLS1.2.

Note: SSL is not configured on Worklight server.

1

There are 1 best solutions below

0
sohel shaikh On

Finally we figured out a solution which will work for limited ciphers of the newer protocols (i.e. TLSv1.1, TLSv1.2):

  1. Updated Java to 1.7.0_80 (or higher).
  2. Enabled TLS 1.1 and TLS 1.2 support in the Java configuration.
  3. Changed the configuration of TLSv1.2 in server.xml (link).
  4. Added configuration for TLSv1.2 in jvm.options to make the connection with the higher protocol.
  5. Added the third-party library 'BouncyCastle' to enable the DH keypair.
  6. Altered the configuration in java.security to add an entry for BouncyCastle.
  7. Restarted the server.
  7. Restart the server.

Note: This will work for limited ciphers only. Best practice would be to use a newer version of Java.

Thanks a lot Mohammed Ashfaq for your help!
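
To confirm the effect of the steps in the answer above, the following diagnostic is an added example, not code from the original post or from Worklight. It reports which TLS versions the JVM enables for clients by default, which security providers are registered, and whether a DH key pair generator accepts a larger key size. The class name `TlsClientCheck` and the 2048-bit test size are assumptions; compile and run it with the same JVM and java.security file that the server uses.

```java
import java.security.InvalidParameterException;
import java.security.KeyPairGenerator;
import java.security.Provider;
import java.security.Security;
import java.util.Arrays;
import javax.net.ssl.SSLContext;

// Added diagnostic (hypothetical class name). Compiles on Java 7 and later.
public class TlsClientCheck {

    static boolean has(String[] values, String wanted) {
        return Arrays.asList(values).contains(wanted);
    }

    public static void main(String[] args) throws Exception {
        String wanted = args.length > 0 ? args[0] : "TLSv1.2";
        SSLContext ctx = SSLContext.getDefault();
        String[] supported = ctx.getSupportedSSLParameters().getProtocols();
        String[] enabled = ctx.getDefaultSSLParameters().getProtocols();

        System.out.println("java.version : " + System.getProperty("java.version"));
        System.out.println("supported    : " + Arrays.toString(supported));
        System.out.println("enabled      : " + Arrays.toString(enabled));

        // Providers are consulted in this order; an entry added to
        // java.security (step 6 of the answer) should show up here.
        Provider[] providers = Security.getProviders();
        for (int i = 0; i < providers.length; i++) {
            System.out.println("provider " + (i + 1) + "   : " + providers[i].getName());
        }

        // Check whether a DH generator accepts the test size (assumed 2048 bits).
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DH");
        try {
            kpg.initialize(2048);
            System.out.println("DH 2048      : accepted by " + kpg.getProvider().getName());
        } catch (InvalidParameterException e) {
            System.out.println("DH 2048      : rejected by " + kpg.getProvider().getName()
                    + " (" + e.getMessage() + ")");
        }

        if (!has(supported, wanted)) {
            System.out.println(wanted + " is not supported by this JVM; upgrade Java.");
            System.exit(2);
        } else if (!has(enabled, wanted)) {
            System.out.println(wanted + " is supported but not enabled by default for clients.");
            System.exit(1);
        }
        System.out.println(wanted + " is enabled by default for clients.");
    }
}
```

An exit status of 1 means the protocol exists in the JVM but a client must enable it explicitly, which matches the symptom in the question on an unmodified Java 7 runtime.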