TLS 1.2 and TLS 1.3 Support for Windchill
Starting Windchill 12.0.2.0, TLS 1.3 is a supported option and is set as the default configuration. TLS 1.2 support is continued and can be configured manually as mentioned below in the same topic.
Following Windchill clients and integrated solutions do not support TLS 1.3:
• Thingworx/Navigate
• Cognos
• Windchill with CAC PKI authentication.
|
|
PTC does not recommend TLS 1.1 (or earlier) configurations. You can use TLS 1.2 or TLS 1.3 in Windchill configurations.
|
Enabling TLS 1.2
Option to configure TLS 1.2 manually is available. Follow the below mentioned steps for the TLS 1.2 configuration:
1. Update the mod_ssl.conf.template file located at <ApacheHome>/conf/template/ as below:
SSLProtocol -all +TLSv1.2
SSLProxyProtocol -all +TLSv1.2
2. Run the command from Windchill shell and <Apache_Home>:
ant -f config.xml reconfigure
3. Restart the Apache HTTP server.
Configuring TLS 1.3 CipherSuites for Windchill
Windchill does not explicitly set any CipherSuite value OOTB for
TLS 1.3.
Windchill Apache HTTP Server uses
OpenSSL for
TLS implementation. If you want to update the
WindchillTLS 1.3 CipherSuite configuration, follow the Apache HTTP Server 2.4 documentation for
SSLCipherSuite and
SSLProxyCipherSuite directives.
For more information on
TLS 1.3 CipherSuites, refer
OpenSSL article
TLS 1.3. Follow the below mentioned steps after configuring
TLS 1.3 CipherSuites for
Windchill.
• Run the command below from <Apache_Home> and Windchill shell.
ant -f config.xml reconfigure
• Restart Apache HTTP Server.
