PeSIT file transfers from SecureTransport to another MFT product fail over TLSv1 Legacy for certain ciphers

A change to CBC ciphers in SecureTransport made in response to CVE-2011-3389 causes a SecureTransport server to fail to transfer files to older version of Transfer CFT and other PeSIT clients over TLSv1 Legacy.

To enable SecureTransport to transfer files to such clients, disable the fix by adding the following Java option in <FILEDRIVEHOME>/bin/start_tm_console :

JAVA_OPTS="-Djsse.enableCBCProtection=false $JAVA_OPTS"

This workaround is considered insecure and using it is at your own risk.

Related Links