GroupWise POA not accepting TLSv1.1 connections after upgrade to 18.3

  • 7024926
  • 16-Nov-2020
  • 17-Mar-2021

Environment

GroupWise 18
GroupWise 18.3

Situation

GroupWise 18.3 code is installed.  Older clients can no longer connect.  The Post Office Agent no longer accepts earlier versions of TLS.

Resolution

In previous versions of GroupWise it was possible to allow for the weaker security by adding this line to the POA startup file:

 --sslOption "SSL_OP_ALLOW_TLSv1_1,SSL_OP_ALLOW_TLSv1,SSL_OP_NO_TLSv1_3"

 This line is still needed but now there is a second switch that also needs to be added to the start up file:

 --sslciphersuite "HIGH:!EXP:!aNULL:!MD5:!SSLv2:!LOW:!CAMELLIA256-SHA256:@STRENGTH"

With both switches added the POA should accept earlier TLS versions.

Cause

The security suite had been modified for GroupWise 18.3.  We do not recommend allowing for TLS version 1.1 but it some cases it is needed.  The default is to only allow TLS version 1.3 which is recommended for tighter security.