My understanding is SPS (12.52 SP1 CRxx) as a server (Apache) can support TLS 1.2 and TLS 1.2. But, SPS as a client (TomCat), cannot currently request a TLSv1.1 or TLS 1.2 connection to the back-end server. Is that correct ? CA has road map on when SPS can fully support TLS 1.2 ?
For browser to SPS Apache connection: TLS 1.1 and TLS 1.2 support is included in SPS R12.52 SP1 CR02 and higher.
For SPS Server (Tomcat) to Backend Application Server connection: TLS 1.1 and TLS 1.2 support is included in SPS 12.52 SP1 CR04 and higher.
Thanks, Ujwol. What is the latest SPS version available ? SPS version 12.52 SP2 CR01 available like policy server ?
12.6 (soon to be released)
However, you cannot assume that SP(X+1) will include all the fixes from SP(X)
Each are on their own code branch.
So, 12.52SP2CR1 even if released after 12.52SP1CR5 might not have all the fixes included in CR5.
Thanks, Ujwol.If 12.52SP2CR1 doesn't have all fixes included in 12.52SP1CR5, how can we choose the version that has all the fixes included ? 12.52SP2CR1 has full support (browser -> SPS and SPS -> backend server) for TLS 1.2.
We are deploying SPS on new servers and would like to go with latest SPS version that has all fixes and enhancements, which version (12.52SP2CR1 or 12.52SP1CR5) would you recommend ?
It will get more stable once the product matures but there will still be defects.
I will suggest to review the fixes and enhancement included in individual CR (available in the docops) to make this consideration.
(It seems on 12.52SP1 we now have CR6 as well)
I think for this particular case our choice is simple as we do not seem to have SPS availabilty for 12.52SP2/12.52SP2CR1. Only policy server is released.
So my suggestion would be to go with 12.52SP1CR6 for SPS
Alright, we will go with SPS version 12.52SP1CR6 as 12.52 SP2 is still not available. Thanks for your reply.
Please mark this thread as answered.
Sorry, how I do mark the thread as answered ?
Oh, this was set as "Discussion" previously so you didnt' have the option to mark correct answer.
I have changed this to Question now you should be seeing the option to mark correct answer.