How to override the pyInvokeRestConnector activity to change SSL Protocol version in PRPC v7.1.7
How to override the pyInvokeRestConnector activity to change SSL Protocol version in PRPC v7.1.7?
**Moderation Team has archived post**
This post has been archived for educational purposes. Contents and links will no longer be updated. If you have the same/similar question, please write a new post.
Accepted Solution
Pegasystems Inc.
US
Thank you Abhijit and Vidyaranjan,
This issue or question has been addressed as below -
- Save the “pyInvokeRESTConnector” rule under Pega-IntergrationEngine:07-10-15 ruleset to your own application ruleset.
- Modify the Step4 (Initialize HTTP Client and handle authentication) Java code as below to modify the protocol version from “SSL” to “TLSv1.2” as highlighted below –
if (serviceURL.toLowerCase().startsWith("https"))
{
com.pega.apache.http.conn.ssl.SSLSocketFactory sf = null;
// HFix-9721 START
String truststoreName = stepPage.getString("pyTruststoreName");
String keystoreName = stepPage.getString("pyKeystoreName");
// Create a new SSLContext that merges custom PRPC keystore/truststore with default JDK ones
javax.net.ssl.SSLContext sslContext = tools.getServiceUtils().getSSLContext(keystoreName, truststoreName, protocol);
sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(sslContext);
- Save the rule and test your Connect-REST.
Telstra
AU
Hi Ankur,
I wouldn't suggest overrding invoke activities [You may lose future updates coming to this activity]. Please raise an SR with Pega to check your options.
If that's a parameter, you can set it to a value you want before calling "Connect-REST" method.
Pegasystems Inc.
IN
Hi Ankur Das,
As the next plan of action, if you go ahead and raise an SR with GCS , I request you to share the SR number here, so that we can track it for you within the thread.
Thanks,
Vidyaranjan A V | Community Moderator | Pegasystems Inc.
Accepted Solution
Pegasystems Inc.
US
Thank you Abhijit and Vidyaranjan,
This issue or question has been addressed as below -
- Save the “pyInvokeRESTConnector” rule under Pega-IntergrationEngine:07-10-15 ruleset to your own application ruleset.
- Modify the Step4 (Initialize HTTP Client and handle authentication) Java code as below to modify the protocol version from “SSL” to “TLSv1.2” as highlighted below –
if (serviceURL.toLowerCase().startsWith("https"))
{
com.pega.apache.http.conn.ssl.SSLSocketFactory sf = null;
// HFix-9721 START
String truststoreName = stepPage.getString("pyTruststoreName");
String keystoreName = stepPage.getString("pyKeystoreName");
// Create a new SSLContext that merges custom PRPC keystore/truststore with default JDK ones
javax.net.ssl.SSLContext sslContext = tools.getServiceUtils().getSSLContext(keystoreName, truststoreName, protocol);
sf = new com.pega.apache.http.conn.ssl.SSLSocketFactory(sslContext);
- Save the rule and test your Connect-REST.
Pegasystems Inc.
AU
As you say,
modify the pyInvokeRESTConnector activity to not use "SSL" I use the following snippet:
String protocol = myStepPage.getString("pySSLProtocolVersion");
if(protocol==null) {
protocol = "SSL";
}
This requires specialising Rule-Connect-REST.RuleFormLayout to include section Rule-Connect-.pzSSLConfiguration, it however gives you the ability to define the protocol on a connector by connector basis.
Schwab
IN
How to fix this for 7.1.6 PEGA version?
if we try to use above code, its giving error as below:
The method getSSLContext(String, String, String) is undefined for the type ServiceUtils
any quick workaround for this?