Question & Answer
Question
How can you enable TLS1.1 and TLS1.2?
Answer
In 7.4.0.0-TIV-CAMIS-IF0013 and later releases, two new properties are available
- 'SSLDisableTLS11' and
- 'SSLDisableTLS12'
SSLDisableTLS11 disables TLS v1.1
To enable them, add a property to the Monitor props file and set its value to 1
To disable TLS 1.1 and 1.2 for the HTTPS monitor, edit <ISM_HOME>/etc/props/https.props, and set:
SSLDisableTLS11 : 1
SSLDisableTLS12 : 1
Then restart the HTTPS monitor:
These parameters can also be used to enable TLS.
For example, to ensure the https monitor is using TLS v1.2, and not using SSL v2 or SSL v3,
Edit <ISM_HOME>/etc/props/https.props, and set:
SSLDisableSSLv2 : 1
SSLDisableSSLv3 : 1
SSLDisableTLS12 : 0
Then restart the HTTPS monitor:
> $ISMHOME/bin/ism_startup.sh stop nco_m_https
> $ISMHOME/bin/ism_startup.sh start nco_m_https
for reference, see documentation link:
https://www.ibm.com/support/knowledgecenter/en/SS5MD2_7.4.0.1/com.ibm.itcamt.doc/ism/dita/rg/topic/ISM_Ref_cipher_info.html
Related Information
[{"Product":{"code":"SS5MD2","label":"Tivoli Composite Application Manager for Transactions"},"Business Unit":{"code":"BU053","label":"Cloud & Data Platform"},"Component":"ITCAM TRANSACT ISM 5724S79IS v710","Platform":[{"code":"PF002","label":"AIX"},{"code":"PF016","label":"Linux"},{"code":"PF033","label":"Windows"}],"Version":"7.4","Edition":"","Line of Business":{"code":"LOB45","label":"Automation"}}]
Was this topic helpful?
Document Information
Modified date:
17 June 2018
UID
swg21974053