
How to enable TLS 1.3 in Diplomat MFT

In versions of Diplomat MFT prior to 9.1, TLS 1.3 connections are supported only after setting a couple of configuration options.

Configuring diplomat.custom.properties

As seen in this other KB article, you must edit the contents of the file “diplomat.custom.properties” and place this file into “c:\programdata\coviant software\diplomat-j” in order to configure SSL and SSH cryptography settings.
Attached is a diplomat.custom.properties file that has TLSv1.3 and corresponding strong ciphersuites enabled for all SSL connections.
Download this file and place it into “c:\programdata\coviant software\diplomat-j”.

(if you are configuring this for a TRIAL of Diplomat MFT, place this file into “c:\programdata\coviant software\diplomat-trial” instead)

Configuring Diplomat MFT JVM Properties

For TLS 1.3 to work, the Java Virtual Machine (JVM) under which Diplomat MFT runs must be configured to use the OpenJSSE Security Provider. To do so, we will add the JVM property “-XX:+UseOpenJSSE” to the Tomcat environment.

Open a command prompt and change directory into “c:\program files\coviant software\diplomat-j\tomcatWebserver\bin”.
Type the command:

tomcat8w.exe //ES//DiplomatMFT64

(if you are configuring this for a TRIAL of Diplomat MFT, use “//ES//DiplomatTrialServer” instead)

If you are prompted to run this command as an Administrator, choose YES.

In the control panel that comes up, click the “Java” tab across the top, and locate the option labeled “Java Options.” Click inside this box, scroll to the bottom, and add this on a new line:

-XX:+UseOpenJSSE

Press OK to apply the changes.

Restart the Diplomat MFT Service

Now restart the Diplomat MFT service. At this point, your SSL connections will all use TLS 1.3.

If you need to configure TLS 1.3 at a more granular level, for example on a specific FTP outbound connection, refer to this KB article on how you can specify values in diplomat.custom.properties to achieve this.
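The following PowerShell function is an added example, not part of the original article or of Coviant's tooling. It is a read-only check that both settings described above are in place on the server. Assumptions: the function name is hypothetical, the properties file is expected to contain the literal text "TLSv1.3", and the Java Options are read from the registry location where Apache Commons Daemon (Procrun) stores service parameters.

```powershell
# Added example: read-only check of the two settings described in this article.
# Assumptions (not from the article): the function name, the literal "TLSv1.3"
# appearing in the properties file, and the Procrun registry location that
# Apache Commons Daemon uses to store a service's Java Options.
function Test-DiplomatTls13Config {
    param(
        # Trial installs: use 'DiplomatTrialServer' and the diplomat-trial folder.
        [string]$ServiceName = 'DiplomatMFT64',
        [string]$DataDir     = 'C:\ProgramData\Coviant Software\Diplomat-j'
    )

    # Step 1: the custom properties file must sit in the data directory.
    $props         = Join-Path $DataDir 'diplomat.custom.properties'
    $propsPresent  = Test-Path -LiteralPath $props -PathType Leaf
    $mentionsTls13 = $propsPresent -and
        [bool](Select-String -LiteralPath $props -SimpleMatch 'TLSv1.3' -Quiet)

    # Step 2: Procrun normally keeps parameters in the 32-bit registry view;
    # the native view is checked as a fallback.
    $roots = 'HKLM:\SOFTWARE\WOW6432Node\Apache Software Foundation\Procrun 2.0',
             'HKLM:\SOFTWARE\Apache Software Foundation\Procrun 2.0'
    $javaOptions = @()
    foreach ($root in $roots) {
        $key = Join-Path $root "$ServiceName\Parameters\Java"
        if (Test-Path -LiteralPath $key) {
            $item = Get-ItemProperty -LiteralPath $key -Name Options -ErrorAction SilentlyContinue
            $javaOptions = @($item.Options)   # REG_MULTI_SZ: one string per line
            break
        }
    }
    # The flag must be a whole line on its own; JVM flags are case-sensitive.
    $openJsse = [bool]($javaOptions | Where-Object { $_ -and $_.Trim() -ceq '-XX:+UseOpenJSSE' })

    # Step 3: the JVM reads its options only at start, so report service state.
    $svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        PropertiesFilePresent  = $propsPresent
        PropertiesMentionTls13 = $mentionsTls13
        UseOpenJsseConfigured  = $openJsse
        ServiceStatus          = if ($svc) { $svc.Status } else { 'NotFound' }
    }
}

Test-DiplomatTls13Config
```

A result with all three booleans `True` and `ServiceStatus` of `Running` only confirms the configuration is present; it does not show which protocol a given connection actually negotiated.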

Updated on September 26, 2022
