MID Server TLS 1.1

Go to solution
TT3
Kilo Guru

‎02-15-2022 04:44 PM

I got following notification form ServiceNow:

Beginning with the Now Platform® Utah release planned for March 2023, ServiceNow MID Server offering will no longer support TLS 1.1 or below.  

TLS 1.2 and newer protocols will not be impacted, and no action is needed. However, if you utilize TLS 1.1 or below, please take a moment to review the below.  

How do we know which version of TLS is being used?

Thank you.

Labels:
0 Helpfuls
  • 3,812 Views
1 ACCEPTED SOLUTION

Go to solution
Hitoshi Ozawa
Giga Sage
Giga Sage

‎02-15-2022 06:23 PM

Open ServiceNow page.

If using Chrome, press the F12 key.

Select the "Security" tab and look for TLS.

find_real_file.png

View solution in original post

Preview file
25 KB
18 REPLIES 18

Go to solution
James Rostron2
Mega Expert

‎02-18-2022 08:16 AM

**Update from the case I raised with Support**

Issue:

You would like to know how to identify integrations connecting to the MID server with TLS 1.1 or below.

Solution Proposed:

You will need to log the TLS versions used during the TLS handshake inorder to identify the versions being used.

Please carry out the following steps on the test MID server to enable debugging of the TLS handshake information.

1. Using a suitable editor (such as Notepad++), edit the file: [midserver path]/agent/conf/wrapper.conf

2. Add the line below into the file and save the file.
########################################

wrapper.java.additional.53=-Djavax.net.debug=ssl,handshake


########################################

3. Restart the MID Server.

4. Confirm if you can view additional debug logging written to the file: [midserver path]/agent/logs/wrapper.log

5. Review the file wrapper.log for any requests having lower versions of TLS

Go to solution
CF3
Tera Expert
In response to James Rostron2

‎02-18-2022 09:10 AM

Beautiful, thanks for that James.

0 Helpfuls

Go to solution
James Rostron2
Mega Expert

‎02-28-2022 07:49 AM

Just wondering if anyone has managed to run this yet and was it useful?

I don't have access to the host machine to do this so won't know myself first-hand.

Thanks,

James

0 Helpfuls

Go to solution
CF3
Tera Expert
In response to James Rostron2

‎02-28-2022 09:26 AM

I'm turning this on right now. I'll update with more info soonTM.

0 Helpfuls

Go to solution
CF3
Tera Expert
In response to James Rostron2

‎02-28-2022 09:36 AM

Yup, that works. In the wrapper logs you can really just do a find for "TLS" and see what comes up, or specifically "TLSv1.1" or whichever version you want to look for.

Example from mine:

"javax.net.ssl|DEBUG|16|ECCQueueMonitor.40|2022-02-28 10:29:03.217 MST|ServerHello.java:968|Negotiated protocol version: TLSv1.2"

I'll probably just leave the value in wrapper.conf active for a week or so and do some periodic searches for tlsv1.1 to see whether there are any incoming requests to look into further.

0 Helpfuls