Environment:
1. WebSphere 7
2. Microsoft platform
Both are exposed to the public using an instance of IBM WebSEAL and TAM infrastructure.
The application running on WebSphere uses the IBM TAI++ mechanism to provide SSO to the client.
The application running on Microsoft implements SSO by talking to the user repository (proprietary SSO).
WebSEAL allows LOW ciphers; both applications allow only HIGH ciphers.
Issue:
The app running on WebSphere 7 is responding to requests from the client using LOW encryption; however, the application on Microsoft is failing the handshake for LOW ciphers.
If the app on WebSphere is accessed with the direct URL (not through WebSEAL), it successfully fails the LOW cipher requests.
How do I restrict the allowed ciphers to HIGH only?