IBM Support

ISM : Disable SSLv2 and SSLv3, and enable TLS1.1 and TLS1.2

Question & Answer


Question

How can you enable TLS1.1 and TLS1.2?

Answer

In 7.4.0.0-TIV-CAMIS-IF0013 and later releases, two new properties are available:

  • 'SSLDisableTLS11' disables the use of TLS v1.1 for the Monitor
  • 'SSLDisableTLS12' disables the use of TLS v1.2 for the Monitor

To enable one of these properties, add it to the Monitor props file and set its value to 1.

To disable TLS 1.1 and 1.2 for the HTTPS monitor, edit <ISM_HOME>/etc/props/https.props, and set:
SSLDisableTLS11 : 1
SSLDisableTLS12 : 1

Then restart the HTTPS monitor, using the restart commands shown further down.

These parameters can also be used to enable TLS: setting a property to 0 leaves that protocol version enabled.

For example, to ensure the HTTPS monitor is using TLS v1.2, and not using SSL v2 or SSL v3, edit <ISM_HOME>/etc/props/https.props, and set:
SSLDisableSSLv2 : 1
SSLDisableSSLv3 : 1
SSLDisableTLS12 : 0

Then restart the HTTPS monitor:
> $ISMHOME/bin/ism_startup.sh stop nco_m_https
> $ISMHOME/bin/ism_startup.sh start nco_m_https
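
As an added example (not part of the IBM document or the product), the following shell functions check a props file against the settings in the example above before the monitor is restarted. The function names, the treatment of "#" lines as comments, and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check an ISM monitor props file against the target state
# from this page (SSLv2 and SSLv3 disabled, TLS 1.2 not disabled).

# prop_value FILE NAME -> last value assigned to NAME, or "unset".
# Assumes the "Name : value" layout shown on the page.
prop_value() {
    awk -v name="$2" '
        /^[ \t]*#/ { next }   # assumption: "#" starts a comment line
        {
            split($0, kv, ":")
            key = kv[1]; val = kv[2]
            gsub(/[ \t\r]/, "", key)
            gsub(/[ \t\r]/, "", val)
            if (key == name) found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# audit_props FILE -> one status line per property; returns 1 on any mismatch.
# The page does not state the defaults, so an unset property is reported
# for review instead of being treated as safe.
audit_props() {
    rc=0
    for want in SSLDisableSSLv2=1 SSLDisableSSLv3=1 SSLDisableTLS12=0; do
        name=${want%%=*}
        expected=${want#*=}
        actual=$(prop_value "$1" "$name")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $name : $actual"
        else
            echo "CHECK $name : $actual (expected $expected)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample input, not taken from a real installation.
sample="${TMPDIR:-/tmp}/https.props.sample.$$"
cat > "$sample" <<'EOF'
# constructed sample https.props
SSLDisableSSLv2 : 1
SSLDisableSSLv3 : 0
SSLDisableTLS11 : 1
EOF
audit_props "$sample" || echo "review $sample settings before restarting the monitor"
rm -f "$sample"
```

To check a real installation, pass the path of the monitor's props file (for the HTTPS monitor, <ISM_HOME>/etc/props/https.props) to audit_props.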


For reference, see the documentation link:
https://www.ibm.com/support/knowledgecenter/en/SS5MD2_7.4.0.1/com.ibm.itcamt.doc/ism/dita/rg/topic/ISM_Ref_cipher_info.html


Document Information

Modified date:
17 June 2018

UID

swg21974053