The IP sprayer or load balancer may accept many different types of encryption methods, the method chosen is negotiated on connection. By default this would currently be a Transport Layer Security (TLS) connection, but the IBM Domino servers behind the company firewall may negotiate a Secure Sockets Layer version 3 (SSLv3) connection. GSX Monitor would not allow this downgrade to happen from the more secure TLS encryption and would need to be modified to connect using SSLv3 continuously to allow monitoring of the pool. This article describes how to check if the SSLv3 is available at the load balancer.
GSX Monitor will request a TLS 1.0 connection by default and it will not allow this to be downgraded to SSLv3. If the Traveler pool is using IBM Domino servers that use SSLv3 encryption then GSX Monitor would need to be modified in order for it to use SSLv3 as the default setting, overriding the TLS 1.0. In some instances the SSLv3 will be disabled on the load balancer or IP sprayer. Below we will check if it is available by disabling the TLS options in a browser.
The procedure below is only possible using Internet Explorer. FireFox and Chrome do not have the same options.
Disabling TLS in Internet Explorer
- Open Internet Explorer.
- Enter the https URL of the Traveler Pool to get to an authentication page.
- Go to Tools > Internet options.
- Select the Advanced tab and scroll down until you see the SSL and TLS options.
- Clear all the TLS options and only leave Use SSL 3.0 ticked.
- Press OK to apply the changes and close the dialog box.
- Reload the page.
- If you see the following error, then SSLv3 is not available for the URL:
If the page loads normally, then SSL3 is available. Click here to use this modification to monitor the Traveler pool.