简体繁体 English

用于 TLS 1.2 测试的网络服务

[英]Webservice for TLS 1.2 testing

原文 2018-02-09 07:02:39 2 1 java/ web-services/ jython

Our enterprise datawarehouse (EDW) sources data from many interanal & external sources.我们的企业数据仓库 (EDW) 从许多内部和外部来源获取数据。 We use Oracle data integrator (ODI) as teh ETL tool to extract data from the sources.我们使用 Oracle 数据集成器 (ODI) 作为 ETL 工具从源中提取数据。 ETL jobs are executed using an ODI agent which is nothing but a Java process. ETL 作业是使用 ODI 代理执行的，该代理只不过是一个 Java 进程。 One of the external sources for the warehouse is a webservice.仓库的外部来源之一是网络服务。 Data is extracted from this webserice using Jython (wrapped within ODI).使用 Jython（包装在 ODI 中）从此网络服务中提取数据。 Jython as you might know is a Python variant which runs within JVM.您可能知道 Jython 是在 JVM 中运行的 Python 变体。 The Jython job runs under the ODI agent (java) process and extracts data from the webservice. Jython 作业在 ODI 代理 (java) 进程下运行，并从 Web 服务中提取数据。

Coming to the problem we are facing now- The external webservice provider has indicated that soon they will support only TLS 1.2 and will remove support for older TLS connections.谈到我们现在面临的问题 - 外部网络服务提供商表示很快他们将仅支持 TLS 1.2，并将取消对旧 TLS 连接的支持。 The ODI agent is currently on JDK1.6 Update 33 and support TLS 1.1. ODI 代理目前在 JDK1.6 Update 33 上并支持 TLS 1.1。 We are planning to upgrade the ODI agent to Java 7 (which supports TLS 1.2) so that we will be able to connect to this webservice.我们计划将 ODI 代理升级到 Java 7（支持 TLS 1.2），以便我们能够连接到此 Web 服务。 The Java upgrade involves lot of work mainly to ensure that it does not break existing ETL jobs. Java 升级涉及大量工作，主要是为了确保它不会破坏现有的 ETL 作业。 If there are any impacts, we might not be able to upgrade.如果有任何影响，我们可能无法升级。 An alternate option is it create a separate Java process (outside of ODI) running under its own JDK (which can be even Java 8) to connect to this web service.另一种选择是创建一个单独的 Java 进程（在 ODI 之外），在其自己的 JDK（甚至可以是 Java 8）下运行以连接到此 Web 服务。

Are there any risks in the above options?以上方案是否存在风险？ It is going to take a while for the provider to give the webservice which supports only TLS 1.2.提供商需要一段时间才能提供仅支持 TLS 1.2 的网络服务。 Are there any public webservices which support only TLS 1.2 that can be used by for our testing?是否有任何仅支持 TLS 1.2 的公共网络服务可用于我们的测试？ Can you please share them?你能分享一下吗？

1 个解决方案

Maybe not entirely what you're looking for, but it might be wise to have two seperate development projects for both the old and the future ODI agent to keep things transparent.也许不完全是您要找的东西，但为旧的和未来的 ODI 代理设置两个单独的开发项目以保持透明可能是明智的。 Especially when testing the new version.尤其是在测试新版本时。 It's also advisable to set up a dedicated testing/QA environment for this.还建议为此设置专门的测试/QA 环境。

Be sure to keep your production ODI repository safe, you could use a testing repository with some exported projects for this.确保您的生产 ODI 存储库安全，您可以为此使用带有一些导出项目的测试存储库。 Maybe this link below might be useful: https://www.redbridgesoftware.com/products/life-cycle-management-for-odi.html也许下面的这个链接可能有用： https : //www.redbridgesoftware.com/products/life-cycle-management-for-odi.html