This is a notice of the upcoming change in Q1 2022 with support of TLS 1.0/1.1 on Informatica Intelligent Cloud Services Secure Agents.
Support for TLS 1.0/1.1 will no longer be enabled by default on Informatica Intelligent Cloud Services Secure Agents (“Secure Agents”) from Q1 2022. Only TLS 1.2 will be enabled by default and customers requiring TLS 1.0/1.1 support will need to manually re-enable the older TLS protocols.
Informatica will continue to support TLS1.0/1.1 by default until that time.
Why are we doing this?
In conjunction with the above deprecation notice, OpenJDK began disabling TLS 1.0 and TLS 1.1 by default in April 2021. Informatica Intelligent Cloud Services will be upgrading the Secure Agent JDK to version 8u302 of OpenJDK during the October 2021 major release.
Informatica will overwrite the default JDK 8u302 setting to continue supporting TLS 1.0 and TLS 1.1 until the first Major release in Q1 2022 to allow customers time to prepare for TLS 1.2 default configuration.
What are the plans and actions you must take going forward?
- If you have previously disabled TLS 1.0/1.1 and standardized TLS 1.2, you must act after the IICS October 2021 major release. You will need to reset the JDK parameter on the secure agent that controls the allowed TLS algorithms. Please follow the KB article for steps.
- If you have not standardized TLS 1.2, we encourage you to do so and begin evaluating the overall readiness and test for TLS 1.2 compatibility prior to the first Major release in Q1 2022.
This will require you to review all the endpoints (databases, applications, mainframes, etc.) for TLS 1.2 support and ensure they are configured to support TLS 1.2. It is advised to deploy a test Secure Agent configured to only support TLS 1.2 as described in KB Article and test their connectivity and IICS workloads.
What connections does this impact?
- The connection from secure agent to IICS is always TLS 1.2. There is no impact on this in Q1 2022.
- All connections from the secure agent to your databases, applications, mainframes, etc. might have an impact in Q1 2022. You need to review all endpoints for TLS 1.2 support and ensure they are configured to support TLS 1.2.