Versions of Diplomat MFT prior to 9.1 supported TLS 1.3 connections only after a couple of configuration options were set.
Configuring diplomat.custom.properties
As seen in this other KB article, you must edit the contents of the file “diplomat.custom.properties” and place this file into “c:\programdata\coviant software\diplomat-j” in order to configure SSL and SSH cryptography settings.
Attached is a diplomat.custom.properties file that has TLSv1.3 and corresponding strong ciphersuites enabled for all SSL connections.
Download this file and place it into “c:\programdata\coviant software\diplomat-j”.
(if you are configuring this for a TRIAL of Diplomat MFT, place this file into “c:\programdata\coviant software\diplomat-trial” instead)
Configuring Diplomat MFT JVM Properties
For TLS 1.3 to work, the Java Virtual Machine (JVM) under which Diplomat MFT runs must be configured to use the OpenJSSE Security Provider. To do so, we will add the JVM property “-XX:+UseOpenJSSE” to the Tomcat environment.
Open a command prompt and change directory into “c:\program files\coviant software\diplomat-j\tomcatWebserver\bin”.
Type the command:
tomcat8w.exe //ES//DiplomatMFT64
(if you are configuring this for a TRIAL of Diplomat MFT, use “//ES//DiplomatTrialServer” instead)
If you are prompted to run this command as an Administrator, choose YES.
In the control panel that comes up, click the “Java” tab across the top, and locate the option labeled “Java Options.” Click inside this box, scroll to the bottom, and add this on a new line:
-XX:+UseOpenJSSE
Press OK to apply the changes.
Restart the Diplomat MFT Service
Now restart the Diplomat MFT service. At this point, your SSL connections will all use TLS 1.3.
If you need to configure TLS 1.3 at a more granular level, for example on a specific FTP outbound connection, refer to this KB article on how you can specify values in diplomat.custom.properties to achieve this.
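A read-only check of the steps above, written as an added example (it is not from Coviant or the original article). It confirms the properties file is in place and that “-XX:+UseOpenJSSE” is an entry of its own in the service's Java Options. Assumptions: Procrun (tomcat8w.exe) stores those options under the registry keys shown, and the Windows service name matches the ID used in the //ES// command.

```powershell
# Added example: read-only check of the steps in this article.
$ServiceId = 'DiplomatMFT64'   # from the article; 'DiplomatTrialServer' for a TRIAL
$DataDir   = 'C:\ProgramData\Coviant Software\Diplomat-j'   # 'diplomat-trial' for a TRIAL
$Flag      = '-XX:+UseOpenJSSE'

function Get-ProcrunJavaOptions {
    param([string]$Id)
    # Assumption: Procrun keeps "Java Options" as multi-string values under one of
    # these keys, depending on which registry view the service was installed in.
    $roots = 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0',
             'HKLM:\SOFTWARE\Apache Software Foundation\Procrun 2.0'
    foreach ($root in $roots) {
        $key = "$root\$Id\Parameters\Java"
        if (Test-Path -LiteralPath $key) {
            $p = Get-ItemProperty -LiteralPath $key
            # Options9 holds the extra options Procrun applies on Java 9 and later.
            return @(@($p.Options) + @($p.Options9) | Where-Object { $_ })
        }
    }
    return @()
}

function Test-JvmFlag {
    param([string[]]$Options, [string]$Flag)
    # Procrun treats each line as one JVM option, so a flag appended to another
    # line is not seen as a flag. JVM flags are case-sensitive: use -ceq / -clike.
    $own = @($Options | Where-Object { $_.Trim() -ceq $Flag }).Count -gt 0
    $emb = @($Options | Where-Object { $_ -clike "*$Flag*" -and $_.Trim() -cne $Flag }).Count -gt 0
    [pscustomobject]@{ OnOwnLine = $own; EmbeddedInOtherLine = $emb }
}

$opts = @(Get-ProcrunJavaOptions -Id $ServiceId)
$jvm  = Test-JvmFlag -Options $opts -Flag $Flag
$svc  = Get-Service -Name $ServiceId -ErrorAction SilentlyContinue

[pscustomobject]@{
    PropertiesFilePresent = Test-Path -LiteralPath (Join-Path $DataDir 'diplomat.custom.properties') -PathType Leaf
    JavaOptionsFound      = $opts.Count -gt 0
    FlagOnOwnLine         = $jvm.OnOwnLine
    FlagEmbeddedElsewhere = $jvm.EmbeddedInOtherLine
    ServiceStatus         = if ($svc) { $svc.Status } else { 'not found' }
} | Format-List
```

The script only reads state; the service restart from the last step is still what applies the change.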