Does Spectrum OneClick support TLS 1.3 version?
search cancel

Does Spectrum OneClick support TLS 1.3 version?

book

Article ID: 233426

calendar_today

Updated On:

Products

CA Spectrum DX NetOps

Issue/Introduction

From which Spectrum Version can OneClick use TLS 1.3?

Environment

Release : 10.4.x, 20.2.x, 21.2.x

Component : Spectrum OneClick

Resolution

From the Broadcom Communities thread
https://community.broadcom.com/enterprisesoftware/communities/community-home/digestviewer/viewthread?MessageKey=21a15c61-caf8-4b25-8f1a-13ad00b71165&CommunityKey=671164c3-e575-4b08-96ab-edc2e1ceed13&tab=digestviewer#bm21a15c61-caf8-4b25-8f1a-13ad00b71165

TLS 1.3 was only supported in Java 11.  But seeing it may have been back ported to Java 8 in 8u262-b10 from AdoptOpenJDK
Spectrum uses Apache Tomcat as a webserver.  It appears Spectrum 10.4.3 ships OpenJDK Runtime Environment (AdoptOpenJDK)(build 1.8.0_275-b01).  So if you are running 10.4.3+, you might be able to enable TLS1.3.  

From Spectrum 21.2.x documentation, the communication between OneClick and Spectrum application uses TLS 1.3 by enabling the secure CORBA. Refer to:

https://techdocs.broadcom.com/us/en/ca-enterprise-software/it-operations-management/spectrum/21-2/administrating/oneclick-administration/oneclick-administration-pages.html

From 21.2.1, use Secure CORBA (TLS) for DX NetOps Spectrum  Communication
By default, the value is set to No.  DX NetOps Spectrum  applications like SpectroSERVER, ArchMgr, and LocServer daemons listen to connections on the existing CORBA 14002,14003 & 14004 ports along with secure CORBA  14012,14013 and 14014 ports.
No:  Indicates security is disabled. The OneClick server establishes insecure communication with the DX NetOps Spectrum  applications.
Yes:  Indicates secure communication between the OneClick server and the DX NetOps Spectrum  applications using TLS v1.3 authentication.
Powered by Wolken Software