Some web sites require strong encryption, for example to monitor HTTPS sites that use TLS1.2 ciphers. Once you have enabled strong encryption in RPT to run these scripts, you need to make corresponding changes to the T6 agent.
A common mistake is to forget to make these changes in the T6 agent's file system. Then, these scripts fail to play back. You will see a message like the following in the T6 agent's trace-robotic.log in the BWM logs directory:
Cannot support SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384 with currently installed providers
Cipher suites that use AES_256, for example, require installation of the JCE Unlimited Strength Jurisdiction Policy Files on the T6 agent hosts.
The simplest solution is to borrow a copy of the local_policy.jar and US_export_policy.jar files from your RPT workbench -- since the scripts are running correctly in that environment. Then, replace these files in the T6 agent file system. These are the jar files that allow the agent to support strong encryption.
Please note that the following solution assumes you are using the default T6 installation on Windows. The T6 pathnames are similar on Unix/Linux.
1) Log onto the RPT workbench host where you exported the RPT scripts to the AMC. Copy the following files from the RPT host to a scratch directory on a the T6 agent host.
C:\Program Files (x86)\IBM\SDP\jdk\jre\lib\security\local_policy.jar and US_export_policy.jar
2) Stop the T6 agent.
3) On the T6 agent host, copy the existing local_policy.jar and US_export_policy.jar files from the following directories to a backup directory under \tmp or \temp. Do not simply rename these files in their current directories. Do not try to create a backup directory for these jar files under the <ITM_HOME> directory.
Here, notice that we are replacing the T6 agent's jar files under the TMAITM6 folder.
4) Copy the local_policy.jar and US_export_policy.jar files that you saved in step 1 into these directories on the T6 agent host. Replace the existing files. These are the files you copied from the RPT workbench host.
5) Restart the T6 agent.
The following technotes are for reference only.
See Does the RRT agent support TLS 1.1/1.2 and 256-bit ciphers?
See How to enable strong encryption > 128 bit