IBM Connections Files plugin not working within Notes when TLSv1.2 is enforced

After enforcing TLSv1.2 on our internal Connections 5.5 servers the Files plugin would not work.

In the IHS logs I would see errors such as

[warn] [client 80.229.222.90] [7f9a700a7060] [21173] SSL0222W: SSL Handshake Failed, No ciphers specified (no shared ciphers or no shared protocols). [xx.xx.xx.xx:62899 -> xxx.xxx.xxx.xxx:443] [09:45:11.000102454] 0ms

Enabling trace on IHS showed that the protocol being used was TLSv1.0 which matched Wireshark output. Oddly Status Updates and Activities plugins use TLSv1.2.

“GET /files/basic/api/library/4a7a7240-8f68-44d8-9447-7410cc2bb467/feed?pageSize=300&acls=true&sI=601 HTTP/1.1” 200 168770 TLS_RSA_WITH_AES_128_CBC_SHA TLSV1

I then had to allow TLSv1.0 until I could get an explanation from IBM.

Finally IBM came back with the following two lines to be added to the notes.ini.

SSL_DISABLE_TLS_10
DISABLE_SSLV3=1

Now in access_log I see TLSv1.2 being used.

“GET /files/basic/api/library/4a7a7240-8f68-44d8-9447-7410cc2bb467/feed?pageSize=300&acls=true&sI=601 HTTP/1.1” 200 168770 TLS_RSA_WITH_AES_128_GCM_SHA256 TLSV1.2

IBM also suggested that I check the following was set in plugin_customization.ini, which it was.

com.ibm.documents.connector.service/ENABLE_SSL=true

The notes.ini values have been pushed out to my colleagues via Domino policies.

Advertisements

Increasing library size for Connections communities using policies

A customer wanted more files to be added to a particular five communities. The default is a cumulative 512MB allowed to be uploaded to a community library. Changing the global value from 512MB to 1GB wasn’t the way to go about it so a new policy needed to be created to be applied to these five communities.

The customer wasn’t allowed access to the communities so the easiest way was to use the browse option as we only had the user’s word on what the name of all five were and searching on the name would require the syntax to be correct which it turns out was not the case…..

Start wsadmin

execfile(“D:\IBM\WebSphere\AppServer\profiles\Dmgr01\config\bin_lc_admin\filesAdmin.py”)

FilesLibraryService.browseCommunity(“title”, “true”, 1, 20)

FilesLibraryService.browseCommunity(“title”, “true”, 2, 20)

And so forth
FilesLibraryService.browseCommunity(“title”, “true”, 3, 20)

As I mentioned above, the communities were not listed. I’m not sure why as I do not have access to the servers nor saw the output.

As a catch all I asked the customer to dump all the communities using the following command

FilesLibraryService.exportSyncedResourceInfo(“c:/community_output.xml”, “community”)

(Note – It is meant to be a forward slash as it’s an xml).

This listed all their communities and from it I was able to find that the community names provided by the user were incorrect.

Now the syntax of the community names were corrected the following command was used which provided the community information.

commList = FilesLibraryService.browseCommunity(“title”, “true”, 1, FilesLibraryService.getCommunityCount())

FilesUtilService.filterListByString(commList, “title”, “Community”)

Output of the command is as follows (actual output after new policy applied):

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611”)
{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611
, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}

The libraryid is listed “id” in bold above, that is the value needed.

You can also get this value (which I didn’t realise at the time) in community_output.xml which was run earlier. The xml produced below shows the libraryid which is in bold.

-<snx:resource xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”Community” widgetInstanceId=”W59c3266be40d_4d80_925a_e8e85a278ec2″ id=”c702d7f1-c297-418e-b4a8-50ac1ee0aff2″ type=”community”>-<snx:creator xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”/><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>00000000-0000-0000-0000-000000000000</snx:userid></snx:creator>-<snx:lastmodby xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”><email xmlns=”http://www.w3.org/2005/Atom”>joe.bloggs@collaborationben.com</email><snx:userid xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>88aff0d8-465d-4987-bb4e-c3eea13b51be</snx:userid></snx:lastmodby><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityType”>private</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”communityThemeId”>default</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentApproval”>false</snx:property><snx:property xmlns:snx=”http://www.ibm.com/xmlns/prod/sn&#8221; name=”contentFlagging”>false</snx:property><snx:objectIdentifyingTerm xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”>Community</snx:objectIdentifyingTerm><snx:objectIdentifyingId xmlns:snx=”http://www.ibm.com/xmlns/prod/sn”&gt;66530fc2-2859-48aa-a376-8ade74782611</snx:objectIdentifyingId></snx:resource>

Now the libraryid is obtained you have to create a new policy.

Create the policy

FilesPolicyService.add(“1GB Community Policy”, 1073741824)

Take a note of the UUID created (in this format 00000000-0000-0000-0000-000000000000) as this will need to be applied replacing the values in red.

Apply the new policy to the community

FilesLibraryService.assignPolicy(“66530fc2-2859-48aa-a376-8ade74782611”, “string policyId“)

Check that the community is now applied

FilesLibraryService.getById(“66530fc2-2859-48aa-a376-8ade74782611”)

You should see that the values in blue below have changed and are in line with the new policy.

{maximumSize=1073741824, size=523164256, percentUsed=0.4872346818447113, summary
=, createDate=Tue Feb 05 12:02:54 CET 2013, policyId=a4785094-6804-40a0-b68c-005
8e0541d91, externalContainerId=c702d7f1-c297-418e-b4a8-50ac1ee0aff2, themeName=d
efault, label=W59c3266be40d_4d80_925a_e8e85a278ec2, title=Community, own
erUserId=00000000-0000-0000-0000-000000000000, type=community, id=66530fc2-2859-
48aa-a376-8ade74782611
, externalInstanceId=W59c3266be40d_4d80_925a_e8e85a278ec2,
lastUpdate=Tue Apr 16 14:09:51 CEST 2013}