Configuring Engineering Lifecycle Management with TLSv1.2

You can enable TLS 1.2 and TLS 1.3 to secure the Engineering Lifecycle Management server.

About this task

You can configure the Engineering Lifecycle Management server to enable TLSv1.2 along with TLSv1.0 and TLSv1.1, or only TLSv1.2 (non-strict mode), in WebSphere® Application Server or WebSphere Liberty server.

Configure Engineering Lifecycle Management with TLSv1.2 in addition to existing protocols in WebSphere Liberty server

About this task

TLSv1.0, TLSv1.1, and TLSv1.2 are enabled by default in WebSphere Liberty server. Hence, no additional configuration is required to enable TLSv1.2 along with TLSv1.0 and TLSv1.1 in WebSphere Liberty server.

Configure Engineering Lifecycle Management with TLSv1.2 in addition to existing protocols in WebSphere Application Server

About this task

Configure TLSv1.2 in addition to existing protocols in WebSphere Application Server.

Procedure

  1. Log in to the WebSphere Application Server Integrated Solution console.
  2. Click Security > SSL Certificate and key management.
  3. Click SSL Configurations from the Related Items section.
  4. Open the default SSL settings link.
  5. Click Quality of Protection (QoP) from the Additional Properties section.
  6. Select TLSv1.2 for the protocol.
  7. Select Strong for the cipher suite groups, and then click Update selected ciphers.
  8. Click OK and save directly to the master configuration.
  9. Restart the application server.

Configure Engineering Lifecycle Management with only TLSv1.2 in WebSphere Application Server

About this task

Configure only TLSv1.2 protocol in WebSphere Application Server.

Procedure

  1. Log in to the WebSphere Application Server Integrated Solution console.
  2. Click Security > SSL Certificate and key management.
  3. Click SSL Configurations from the Related Items section.
  4. Open the default SSL settings link.
  5. Click Quality of Protection (QoP) from the Additional Properties section.
  6. Select TLSv1.2 for the protocol.
  7. Select Strong for the cipher suite groups, and then click Update selected ciphers.
  8. Click OK and save directly to the master configuration.
  9. Navigate to the <WAS_Profile_dir>/properties directory and open the ssl.client.props file.
  10. Search for the com.ibm.ssl.protocol property and update its value to TLSv1.2.
  11. Click Server > Server Types > WebSphere Application Server and then open server1.
  12. In the Server Infrastructure section, click Java and Process Management > Process definition.
  13. In the Additional properties section, click Java Virtual Machine, and then click Custom properties.
  14. Add the following custom properties:
    • com.ibm.team.repository.transport.client.protocol and set the value to TLSv1.2.
    • com.ibm.rational.rpe.tls12only and set the value to true.
    • jazz.connector.sslEnabledProtocols and set the value to TLSv1.2.
  15. Restart the application server.

Configure Engineering Lifecycle Management with only TLSv1.2 in WebSphere Liberty server

About this task

Configure only TLSv1.2 protocol in WebSphere Liberty server.

Procedure

  1. Open the server.startup file from the <JazzInstallDir>/server directory.
  2. Delete the following line from the file:
    For Linux operating system
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2"
    For Windows operating system
    set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
  3. Add the following lines to the file:
    For Linux operating system
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1.2"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.rational.rpe.tls12only=true"
    For Windows operating system
    set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslEnabledProtocols=TLSv1.2
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.rational.rpe.tls12only=true
  4. Save and close the server.startup file.
  5. Open the server.xml file from the <JazzInstallDir>/server/liberty/servers/clm directory.
    Important: You must start the Engineering Lifecycle Management server at least once to generate the clm directory.
  6. In the <ssl id="defaultSSLConfig" section, change the sslProtocol attribute to sslProtocol="TLSv1.2".
  7. Save and close the server.startup file.
  8. Restart the Engineering Lifecycle Management servers.
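
A way to check the result of the Liberty procedure above before restarting, as an added example that is not part of the product documentation: the script audits the text of server.startup and server.xml for the three JVM properties and the sslProtocol attribute named in the steps. The function names and sample inputs are constructed for illustration, and it assumes that the last -D definition of a property is the one the JVM uses.

```python
import re
import xml.etree.ElementTree as ET

# Values the procedure above sets in server.startup.
REQUIRED_JVM_PROPS = {
    "jazz.connector.sslEnabledProtocols": "TLSv1.2",
    "com.ibm.team.repository.transport.client.protocol": "TLSv1.2",
    "com.ibm.rational.rpe.tls12only": "true",
}
_DPROP = re.compile(r'-D([\w.]+)="?([^"\s]+)')           # -Dname=value or -Dname="value"
_COMMENT = re.compile(r'^\s*(#|::|rem\b)', re.IGNORECASE)  # shell and batch comment lines

def audit_startup(text):
    """Return a list of findings for server.startup content (Linux or Windows form)."""
    seen = {}
    for line in text.splitlines():
        if _COMMENT.match(line):
            continue
        for name, value in _DPROP.findall(line):
            seen[name] = value  # assumption: the last -D for a name is the effective one
    return [f"{name}: expected {want}, found {seen.get(name) or 'nothing'}"
            for name, want in REQUIRED_JVM_PROPS.items() if seen.get(name) != want]

def audit_server_xml(text):
    """Return a list of findings for the defaultSSLConfig element in server.xml content."""
    root = ET.fromstring(text)
    configs = [e for e in root.iter("ssl") if e.get("id") == "defaultSSLConfig"]
    if not configs:
        return ['no <ssl id="defaultSSLConfig"> element found']
    return [f"sslProtocol: expected TLSv1.2, found {e.get('sslProtocol') or 'nothing'}"
            for e in configs if e.get("sslProtocol") != "TLSv1.2"]

# Constructed sample inputs, not copied from a real installation.
SAMPLE_BEFORE = 'JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2"\n'
SAMPLE_AFTER = (
    'JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1.2"\n'
    'JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"\n'
    'JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.rational.rpe.tls12only=true"\n'
)
SAMPLE_XML = '<server><ssl id="defaultSSLConfig" sslProtocol="TLSv1.2"/></server>'

if __name__ == "__main__":
    for label, findings in [("server.startup (before)", audit_startup(SAMPLE_BEFORE)),
                            ("server.startup (after)", audit_startup(SAMPLE_AFTER)),
                            ("server.xml", audit_server_xml(SAMPLE_XML))]:
        print(label, "->", findings or "OK")
```

To audit a real installation, pass the contents of <JazzInstallDir>/server/server.startup and <JazzInstallDir>/server/liberty/servers/clm/server.xml to the two functions.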