How to disable TLSv1.3 on GW18 WebAccess.

  • 7023908
  • 03-Jun-2019
  • 03-Jun-2019

Environment

GroupWise 18

Situation

If you have problems accessing WebAccess from various browsers, one possible cause is the way those browsers handle the TLSv1.3 protocol.
When you open the URL of your WebAccess, the browser typically reports that the site cannot provide a secure connection and shows the error HTTP_SSL_PROTOCOL_ERROR.

Resolution

To check whether the browser's handling of TLSv1.3 is the cause in your case, disable TLSv1.3 in your browser:

In Chrome:

- chrome://flags/#tls13-variant

- Change TLS 1.3 to Disabled

- restart Chrome


In Firefox:

- Enter about:config in the address bar and press enter

- In the search space enter tls

- Change the value for security.tls.version.fallback-limit from 4 to 3

- Change the value for security.tls.version.max from 4 to 3

- Restart Firefox


If that resolves your issue, other users at your site will probably have the same problem.

You can disable this protocol version on the server side by editing the server.xml file located in the /opt/novell/groupwise-tomcat/conf directory.

By default, the secure Tomcat section (via the .keystore file) is used, and server.xml contains a corresponding section like:


    <Connector address="127.0.0.1" port="18080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18443" />


Add a single line there to restrict the protocol version to TLSv1.2:


    <SSLHostConfig protocols="TLSv1.2" />


This section of the server.xml file will then look like the following, with SSLHostConfig nested as a child element of the Connector:


    <Connector address="127.0.0.1" port="18080" protocol="HTTP/1.1"
               connectionTimeout="20000"
               redirectPort="18443">
        <SSLHostConfig protocols="TLSv1.2" />
    </Connector>


Save the changes and restart Tomcat, i.e. rcgrpwise-tomcat restart.
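
A way to check the edit before restarting Tomcat, added here as an example and not part of the original article or the GroupWise product: the script parses server.xml, rejects a file that is not well-formed, and reports for each Connector whether TLSv1.3 is still enabled. The function names, the sample XML and the simplified handling of the protocols value (tokens separated by comma, plus or minus, with "all" expanded to the TLS versions) are assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Simplification for this check: the versions "all" is taken to expand to.
ALL_VERSIONS = {"TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"}

def enabled_protocols(spec):
    """Expand a protocols value such as 'TLSv1.2' or 'all-TLSv1.3'."""
    enabled = set()
    for sign, name in re.findall(r"([+-]?)\s*([A-Za-z0-9.]+)", spec):
        names = ALL_VERSIONS if name.lower() == "all" else {name}
        enabled = enabled - names if sign == "-" else enabled | names
    return enabled

def audit_server_xml(xml_text):
    """Return (port, verdict) per Connector; ValueError if the XML cannot be parsed."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"server.xml is not well-formed: {exc}") from exc
    findings = []
    for conn in root.iter("Connector"):
        hosts = conn.findall("SSLHostConfig")
        if not hosts:
            verdict = "no SSLHostConfig, protocol versions left at defaults"
        elif any("TLSv1.3" in enabled_protocols(h.get("protocols", "all")) for h in hosts):
            verdict = "TLSv1.3 still enabled"
        else:
            verdict = "TLSv1.3 disabled"
        findings.append((conn.get("port"), verdict))
    return findings

# Constructed samples: the article's Connector wrapped in a minimal <Server>.
ATTRS = 'address="127.0.0.1" port="18080" protocol="HTTP/1.1" connectionTimeout="20000" redirectPort="18443"'
BEFORE = f"<Server><Service><Connector {ATTRS} /></Service></Server>"
AFTER = (f"<Server><Service><Connector {ATTRS}>"
         '<SSLHostConfig protocols="TLSv1.2" /></Connector></Service></Server>')
# SSLHostConfig pasted between the Connector's attributes: not well-formed XML.
MISPLACED = ('<Server><Service><Connector address="127.0.0.1"\n'
             '<SSLHostConfig protocols="TLSv1.2">\n redirectPort="18443" /></Service></Server>')

if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/opt/novell/groupwise-tomcat/conf/server.xml"
    with open(path, encoding="utf-8") as fh:
        for port, verdict in audit_server_xml(fh.read()):
            print(f"Connector port {port}: {verdict}")
```

Run it with the path to server.xml as the only argument; without an argument it reads the file from the directory named above.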