By changing the default SSL protocol configuration, you can configure your Liberty server
to accept different security protocols that meet your system requirements.
About this task
The default SSL protocol configuration in Liberty is SSL_TLS. The SSL_TLS protocol
accepts TLSv1 and SSLv3.
To change the security protocol:
Procedure
- Locate the server.xml file in the <install dir>/wlp/usr/servers/mailboxui directory.
- Edit the sslProtocol in defaultSSLConfig to specify your preferred security protocols:
  - SSL: SSL v3.0 protocol. SSL accepts SSLv3 hello encapsulated in an SSLv2 format hello.
  - SSLv3: SSL v3.0 protocol.
  - TLS: TLS v1.0 protocol (defined in RFC 2246). TLS accepts TLSv1 hello encapsulated in an SSLv2 format hello.
  - TLSv1: TLS v1.0 protocol (defined in RFC 2246). TLSv1 accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
  - TLSv1.1: TLS v1.1 protocol (defined by RFC 4346).
  - TLSv1.2: TLS v1.2 protocol (defined by RFC 5246).
  - TLSv1.3: Enables TLS v1.3 protocol (defined by RFC 8446).
  - SSL_TLS: SSL_TLS enables all SSL v3.0 and TLS v1.0 protocols. SSL_TLS accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
  - SSL_TLSv2: SSL_TLSv2 enables all SSL v3.0 and TLS v1.0, v1.1 and v1.2 protocols. SSL_TLSv2 accepts SSLv3 or TLSv1 hello encapsulated in an SSLv2 format hello.
  For example:
  <ssl id="defaultSSLConfig" sslProtocol="TLS" .../>
- Save the server.xml file.
- Optional: Check the messages.log file in <install dir>/wlp/usr/servers/mailboxui/logs to make sure that there are no errors as a result of changing the security protocols.
- Optional: Log in to the Global Mailbox administrator user interface to verify that the SSL connection is successful.
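
As an added example (not part of the original documentation), the following Python script audits a server.xml for sslProtocol values that, according to the value list in the procedure, enable protocol versions the IETF has deprecated. The sample server.xml is constructed, the ids other than defaultSSLConfig are hypothetical, and treating a missing sslProtocol attribute as SSL_TLS is an assumption based on this page's statement of the default.

```python
import xml.etree.ElementTree as ET

# Protocol versions enabled by each sslProtocol value, per the list on this page.
ENABLED = {
    "SSL": {"SSLv3"}, "SSLv3": {"SSLv3"},
    "TLS": {"TLSv1"}, "TLSv1": {"TLSv1"},
    "TLSv1.1": {"TLSv1.1"}, "TLSv1.2": {"TLSv1.2"}, "TLSv1.3": {"TLSv1.3"},
    "SSL_TLS": {"SSLv3", "TLSv1"},
    "SSL_TLSv2": {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"},
}
# Deprecated by the IETF: SSLv3 (RFC 7568), TLS 1.0 and TLS 1.1 (RFC 8996).
DEPRECATED = {"SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: an <ssl> element without sslProtocol gets the SSL_TLS default
# that this page describes.
DEFAULT_PROTOCOL = "SSL_TLS"

# Constructed sample input; ids other than defaultSSLConfig are hypothetical.
SAMPLE_SERVER_XML = """
<server>
  <ssl id="defaultSSLConfig" sslProtocol="SSL_TLSv2" keyStoreRef="defaultKeyStore"/>
  <ssl id="strictSSLConfig" sslProtocol="TLSv1.2" keyStoreRef="defaultKeyStore"/>
  <ssl id="implicitSSLConfig" keyStoreRef="defaultKeyStore"/>
</server>
"""


def audit_ssl_configs(server_xml_text):
    """Return (id, sslProtocol, deprecated_versions) for every <ssl> element.

    deprecated_versions is a sorted list, or None when the value is not one
    of the values listed on this page and needs manual review.
    """
    findings = []
    for ssl in ET.fromstring(server_xml_text).iter("ssl"):
        value = ssl.get("sslProtocol", DEFAULT_PROTOCOL).strip()
        enabled = ENABLED.get(value)
        deprecated = None if enabled is None else sorted(enabled & DEPRECATED)
        findings.append((ssl.get("id"), value, deprecated))
    return findings


if __name__ == "__main__":
    for cfg_id, value, deprecated in audit_ssl_configs(SAMPLE_SERVER_XML):
        if deprecated is None:
            print(f"{cfg_id}: sslProtocol={value!r} not in list, review manually")
        elif deprecated:
            print(f"{cfg_id}: sslProtocol={value!r} enables {', '.join(deprecated)}")
        else:
            print(f"{cfg_id}: sslProtocol={value!r} ok")
```

To audit a real configuration, pass the contents of the server.xml from the mailboxui directory to audit_ssl_configs instead of the sample string.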