PeSIT file transfer from Axway Transfer CFT to SecureTransport fail for certain ciphers

A change to CBC ciphers in SecureTransport made in response to CVE-2011-3389 causes older version of Transfer CFT and other PeSIT clients to fail to transfer files to a SecureTransport server. These clients fail because they do have the update or have other deficiencies in their SSL implementations.

To enable these clients to transfer to SecureTransport, add the following line after the last Java_OPTS= line in <FILEDRIVEHOME>/bin/start_pesitd to disable the fix in SecureTransport:

JAVA_OPTS="-Djsse.enableCBCProtection=false $JAVA_OPTS"

Related Links