Configuring Rational Team Concert clients and build engines to support TLS 1.2

To comply with the US government SP 800-131 security standard, you can configure the Rational® Team Concert® Eclipse client and its components to support the Transport Layer Security (TLS) 1.2 protocol.

About this task

To configure Rational Team Concert clients and build engines to support the TLS 1.2 protocol, you add the following code to the client or build engine .ini files: -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2. For the Ant build definition, you can add the protocol to the Java VM Arguments section.

Rational Team Concert Eclipse client

Procedure

  1. Go to the directory where the Rational Team Concert client is installed. The default location on Windows is Program Files\IBM\TeamConcert and on the UNIX systems is opt/IBM/TeamConcert.
  2. Open the eclipse.ini file for editing and add the following protocol:
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
  3. Save and close the eclipse.ini file.

Rational Team Concert Client for Microsoft Visual Studio IDE

Before you begin

The .NET Framework 4.5 must be installed.

Procedure

  1. In the Rational Team Concert Client for Microsoft Visual Studio IDE, click Tools > Options.
  2. In the left pane, click Team Concert.
  3. Select Use TLS 1.2 and click OK.
  4. In the scm.ini file, add the following text -Dcom.ibm.team.repository.transport.client.protocol=SSL_TLSv2. The default file location is install_location\3rd Party\scmtools\eclipse.

Rational Team Concert Shell

Before you begin

The .NET Framework 4.5 must be installed.

Procedure

  1. In the Rational Team Concert Shell control panel, click Manage Preferences > Other Preferences.
  2. Select Use TLS 1.2 and click OK.
  3. In the scm.ini file, add the following text -Dcom.ibm.team.repository.transport.client.protocol=SSL_TLSv2. The default file location is install_location\3rd Party\scmtools\eclipse.

Rational Team Concert Microsoft Source Code Control Interface

Before you begin

The .NET Framework 4.5 must be installed.

Procedure

  1. Exit all applications using the MSSCCI client.
  2. Open the Rational Team Concert MSSCCI control panel.
  3. Click Modify MS-SCCI Preferences.
  4. Select Use TLS 1.1 or Use TLS 1.2.
  5. In the scm.ini file, add the following text -Dcom.ibm.team.repository.transport.client.protocol=SSL_TLSv2. The default file location is install_location\3rd Party\scmtools\eclipse.

Jazz Build Engine

Procedure

  1. Go to the directory where the Jazz Build Engine is installed. The default location on a 64-bit Windows is Program Files (x86)\IBM\TeamConcertBuild\buildsystem\buildengine\eclipse and on the UNIX systems is opt/IBMTeamConcertBuild/buildsystem/buildengine/eclipse.
  2. Open the jbe.ini file for editing and add the following protocol:
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
  3. Save and close the jbe.ini file.

Ant build definition

Procedure

  1. Open Rational Team Concert eclipse client.
  2. In the Team Artifacts view expand a project, then expand Builds.
  3. Right-click a build and select Open Build Definition.
  4. In the Build Definition view click the Ant tab.
  5. In the Ant Configuration section add the following protocol to the Java VM arguments field:
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2

Rational Build Agent

About this task

To configure Rational Build Agent engines to support the TLS 1.2 protocol, two artifacts must be set up to use TLS 1.2.

Procedure

  1. Configure the Rational Build Agent to support the TLS 1.2 protocol. In the bfagent.conf file for the Rational Build Agent on z/OS systems, set the ssl_protocol to TLSv1.2.
  2. In the Rational Team Concert build engine editor, when the engine type is set to Rational Build Agent, complete the settings on the Build Agent tab.
    1. Select Connect securely to Build Agent.
    2. Set the Secure protocol to Use TLS 1.2 to match the ssl_protocol setting in the bfagent.conf file for the Rational Build Agent on z/OS systems.

Hudson/Jenkins Rational Team Concert plug-in

Before you begin

If the Rational Team Concert server is at version 4.0.4 or later and is configured to use TLS v1.2, you must use a version 4.0.4 or later build toolkit when running builds against that Rational Team Concert server. Earlier versions of the build toolkit do not recognize this environment variable:
com.ibm.team.repository.transport.client.protocol

You must use a browser that supports and is enabled for TLS v1.2. For more information, see Configuring browsers to support TLS 1.2.

Procedure

  1. You can define the following system variable when you start your Hudson/Jerkins server and slaves:
    com.ibm.team.repository.transport.client.protocol=TLSv1.2
    Example of the server by using the default Winston container:
    java -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2 -jar jenkins.war
    Example of the slave node:
    javaws -J-Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2 http://myJenkinsMachine:8080/computer/Slave1/slave-agent.jnlp
  2. If Hudson/Jenkins is used to build in a mixed environment, for example, a Rational Team Concert version 4.0.4 or later server that uses TLS 1.2 and other servers that do not, you must set the following variable:
    com.ibm.team.repository.transport.client.protocol=SSL_TLSv2

video icon Watch videos

CLM playlist
Jazz.net channel
User Education channel

learn icon Learn more

CLM learning circle
Agile learning circle
Learning circles

ask icon Ask questions

Jazz.net forum
developerWorks forums

support icon Get support

Support Portal
Deployment wiki
Support blog