Enable TLS to replace deprecated SSL protocols
If your security guidelines require the use of new TLS security protocols in place of the deprecated SSL protocols, you need to enable TLS in Windows.
Incoming connections
OpenText Service Virtualization uses Microsoft IIS and the related HTTP listener for the implementation of the OpenText Service Virtualization HTTP(S) Gateway agent, the REST management service, and Service Virtualization Management.
By default, IIS and the HTTP listener support the security protocols SSL 2.0 and 3.0 for incoming connections. These protocols are no longer considered secure, and are replaced by the TLS 1.1 and TLS 1.2 protocols.
IIS and the HTTP listener also support TLS 1.1 and 1.2, but TLS is not enabled by default in most Windows versions. If your security guidelines require the use of the new security protocols, you need to enable TLS in Windows.
Note:
- Enabling TLS improves security settings but may prevent some older clients or services from connecting to OpenText Service Virtualization.
- This change impacts all applications and users using the IIS service on the machine — not only OpenText Service Virtualization.
To update the system registry to use TLS instead of SSL:
- Run the following script provided by OpenText Service Virtualization: setUseTLSInsteadOfSSL.bat, located in the ConfigurationTools subfolder of the OpenText Service Virtualization Server or Designer installation folder. This script backs up the relevant part of the system registry to your %USERPROFILE% folder and updates the system registry to use TLS instead of SSL.
- Restart the computer to apply the changes.
Outgoing connections
Outgoing (client) connections from OpenText Service Virtualization are not restricted to using TLS by default. Enforcing the use of the TLS security protocol for outgoing connections may prevent OpenText Service Virtualization from connecting to older real services that are being virtualized, and is therefore not recommended.
You can modify the set of enabled security protocols used by OpenText Service Virtualization for outgoing connections by modifying the following entries in the application configuration files. The default values are:
<add key="SV.Https.Client.UseSsl3" value="True" />
<add key="SV.Https.Client.UseTls10" value="True" />
<add key="SV.Https.Client.UseTls11" value="True" />
<add key="SV.Https.Client.UseTls12" value="True" />
By default, the configuration files are located in the following locations:
- Service Virtualization Server configuration file: C:\Program Files\OpenText\Service Virtualization Server\Server\bin\HP.SV.StandaloneServer.exe.config.
- Designer configuration file: C:\Program Files\OpenText\Service Virtualization Designer\Designer\bin\VirtualServiceDesigner.exe.config.
The list of enabled security protocols can also be restricted on the system level, by modification of the registry keys under:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols
If any security protocol is disabled in the system, it is not possible to use it regardless of the OpenText Service Virtualization settings.
For more details about management of security protocols: https://support.microsoft.com/en-us/kb/245030.
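The interaction described above, where a protocol disabled under the SCHANNEL key cannot be used whatever the SV.Https.Client.* entries say, can be checked with a short PowerShell audit. This is an added example, not a script shipped with OpenText Service Virtualization; it assumes the standard SCHANNEL layout (per-protocol `Client` and `Server` subkeys with an `Enabled` DWORD) and treats a missing configuration entry as the default value True listed above.

```powershell
# Added example (not OpenText code): compare SV client protocol settings with SCHANNEL.
param(
    # Server config path as given on the page; pass the Designer path to audit Designer.
    [string]$ConfigPath = 'C:\Program Files\OpenText\Service Virtualization Server\Server\bin\HP.SV.StandaloneServer.exe.config'
)

$schannel = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

# SV appSettings key -> SCHANNEL protocol subkey name.
$protocols = [ordered]@{
    'SV.Https.Client.UseSsl3'  = 'SSL 3.0'
    'SV.Https.Client.UseTls10' = 'TLS 1.0'
    'SV.Https.Client.UseTls11' = 'TLS 1.1'
    'SV.Https.Client.UseTls12' = 'TLS 1.2'
}

function Get-SchannelState([string]$Protocol, [string]$Role) {
    # Role is 'Client' (outgoing) or 'Server' (incoming: IIS / HTTP listener).
    # Only the 'Enabled' value is inspected; 'DisabledByDefault' is not evaluated here.
    $path  = Join-Path $schannel "$Protocol\$Role"
    $props = Get-ItemProperty -LiteralPath $path -ErrorAction SilentlyContinue
    $value = if ($props) { $props.PSObject.Properties['Enabled'] }
    if ($null -eq $value)   { return 'OS default' }   # no explicit registry setting
    if ($value.Value -eq 0) { return 'Disabled' }
    return 'Enabled'                                   # any non-zero DWORD
}

[xml]$config = Get-Content -LiteralPath $ConfigPath -Raw -ErrorAction Stop

$report = foreach ($key in $protocols.Keys) {
    $proto  = $protocols[$key]
    $node   = $config.SelectSingleNode("/configuration/appSettings/add[@key='$key']")
    # Assumption: a missing entry means the default listed on the page (True).
    $svOn   = if ($node) { [bool]::Parse($node.GetAttribute('value')) } else { $true }
    $client = Get-SchannelState $proto 'Client'

    # A system-level disable wins over the SV setting.
    if (-not $svOn)                 { $outgoing = 'No (off in SV config)' }
    elseif ($client -eq 'Disabled') { $outgoing = 'No (disabled in SCHANNEL)' }
    elseif ($client -eq 'Enabled')  { $outgoing = 'Yes' }
    else                            { $outgoing = 'Yes, if the OS default allows it' }

    [pscustomobject]@{
        Protocol       = $proto
        SVConfig       = $svOn
        SchannelClient = $client
        SchannelServer = Get-SchannelState $proto 'Server'
        OutgoingUsable = $outgoing
    }
}
$report | Format-Table -AutoSize
```

Running it before and after setUseTLSInsteadOfSSL.bat and the restart shows which SCHANNEL entries changed, alongside the outgoing settings that remain under the control of the configuration file.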