Enabling/Enforcing TLS 1.3 on Control Center Web Server with Web Browser

This section provides steps to enable and enforce TLS 1.3 on Control Center Web Server with Browser

Before you begin

Before configuring TLS 1.3, ensure that browsers support TLS 1.3.

About this task

Enabling TLS 1.3 on your Control Center Web Server and Web Browser enhances security and performance. TLS 1.3 is the latest cryptographic protocol, offering faster handshakes, improved security with modern ciphers, and enhanced privacy features.

Follow the below steps to enable TLS 1.3:

Procedure

  1. To enable TLS 1.3 on Control Center Web Server:
    1. Add TLSv1.3 under IncludeProtocols in ssl-config.xml 
    C:\IBM\SterlingControlCenter\web\ccbase\ssl-config.xml
    Example: 
    <Set name="IncludeProtocols">
	<Array type="java.lang.String">
		 <Item>TLSv1.3</Item>
		 <Item>TLSv1.2</Item> 
	</Array>
 </Set>
  2. To enable TLS 1.3 protocol in Web Browser:
    1. Refer to https://www.technology.pitt.edu/help-desk/how-to-documents/enable-support-tls-12-or-13-web-browsers and follow the steps.
    2. Access the HTTPS URL from the browser.

Enforcing TLS 1.3

About this task

Follow the below steps to enforce TLS 1.3

Procedure

  1. To enforce TLS 1.3 in Control Center Web Server:
    1. To enhance security, include only TLSv1.3 in the ssl-config.xml file under IncludeProtocols. 
      C:\IBM\SterlingControlCenter\web\ccbase\ssl-config.xml

      <Set name="IncludeProtocols">
	<Array type="java.lang.String">
		 <Item>TLSv1.3</Item> 
	</Array>
 </Set>
  2. To enforce TLS 1.3 in Web Browser:
    1. Refer to https://www.technology.pitt.edu/help-desk/how-to-documents/enable-support-tls-12-or-13-web-browsers and follow the steps.