In this section:

SSL

All DTP REST APIs, as well as the API Documentation, communicate over SSL. An SSL port is configured in new DTP installations by default, but if you are migrating from Concerto (prior to version 4.9.4) you must configure the SSL manually. See Enabling SSL for instructions. If you are currently running Concerto 4.9.4, you should already have configured the SSL.

DTP Enterprise Pack Settings

DTP and DTP Enterprise Pack must use the same protocol (either HTTP or HTTPS). See Enabling SSL for additional information.

SSLv3 is deactivated in JRE 1.7.0_75

DTP version 5.1.3 and later ships with Java 1.8.0_102-b14. Since JRE 1.7.0_75, SSLv3 is deactivated by default for security reasons. Per Oracle’s release notes for JRE 1.7.0_75:

"Starting with JDK 7u75 release, the SSLv3 protocol (Secure Socket Layer) has been deactivated and is not available by default. See the java.security.Security propertyjdk.tls.disabledAlgorithms property in the <JRE_HOME>/lib/security/java.security file."

SSLv3 contains a serious security vulnerability and should not be used. The protocol is obsolete across many platforms, including DTP. 

If SSLv3 is required in your environment, you can reactivate the protocol by removing SSLv3 from the jdk.tls.disabledAlgorithms property in the [DTP_HOME]/jre/lib/security/java.security file. You can also dynamically set the Security property to true before JSSE is initialized. 

Tomcat Server

DTP ships with and runs on Tomcat 9.0.33. You should only have one instance of Tomcat running on the same machine to avoid conflicts related to port configuration.

If multiple Tomcat configurations are necessary in your infrastructure, you can edit the [DTP_HOME]/tomcat/conf/server.xml file to ensure that servers run on different ports. For example, you may run a Tomcat shutdown on port 8005, and another on port 18005.

  • No labels