To comply with the US government SP 800-131 security standard, you can configure the WebSphere Liberty server that hosts IBM® Engineering Lifecycle Management applications to support the Transport Layer Security (TLS) 1.2 protocol.
About this task
Complete the following procedure to configure the WebSphere Liberty server that hosts IBM Engineering Lifecycle Management applications to support the Transport Layer Security (TLS) 1.2 protocol.
Procedure
- Go to JazzInstallDir/server and open the server.startup (server.startup.bat on Windows) file for editing.
- In the file, find the line
    set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
  on Windows platforms or
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1,TLSv1.1,TLSv1.2"
  on UNIX systems and delete it.
- Add the following lines.
  On UNIX systems:
    JAVA_OPTS="$JAVA_OPTS -Djazz.connector.sslEnabledProtocols=TLSv1.2"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.jsse2.sp800-131=strict"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.rational.rpe.tls12only=true"
    JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.jsse2.overrideDefaultTLS=true"
  On Windows platforms:
    set JAVA_OPTS=%JAVA_OPTS% -Djazz.connector.sslEnabledProtocols=TLSv1.2
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.jsse2.sp800-131=strict
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.rational.rpe.tls12only=true
    set JAVA_OPTS=%JAVA_OPTS% -Dcom.ibm.jsse2.overrideDefaultTLS=true
  Note: You need to add the jsse2.overrideDefaultTLS property if you are using Java version 8.0.7.0 or later.
- Save and close the file.
- Go to JazzInstallDir/server/liberty/servers/clm and open the server.xml file for editing.
  Note: The server must be started at least one time for the clm directory to be generated.
- In the <ssl id="defaultSSLConfig" ...> section, change the attribute sslProtocol to sslProtocol="TLSv1.2".
- Save and close the file.
- Restart the ELM servers for the changes to take effect.
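
The following POSIX shell check is an added example, not part of the IBM documentation: it audits the two edited files and reports any setting from this procedure that is missing or still permits TLSv1 or TLSv1.1. The function name check_tls12_config and the script name in the usage comment are assumptions; the property names and values are the ones listed in the procedure.

```shell
#!/bin/sh
# Added example (not IBM's code): audit the two files edited in this procedure.
# Usage: sh check_tls12.sh JazzInstallDir/server/server.startup \
#            JazzInstallDir/server/liberty/servers/clm/server.xml
# check_tls12_config returns 0 when the settings are in place, 1 otherwise.

check_tls12_config() {
    startup=$1
    serverxml=$2
    rc=0

    # Keep active lines only: drop '#' (UNIX) and 'rem' / '::' (Windows) comments.
    active=$(grep -Eiv '^[[:space:]]*(#|rem[[:space:]]|::)' "$startup" || true)

    # The old protocol list must be gone: no TLSv1 or TLSv1.1 left enabled.
    if printf '%s\n' "$active" | grep -F 'jazz.connector.sslEnabledProtocols=' |
        grep -Eq 'TLSv1(\.1)?([",[:space:]]|$)'; then
        echo "FAIL: jazz.connector.sslEnabledProtocols still lists TLSv1 or TLSv1.1"
        rc=1
    fi

    # The properties added in the procedure must each be present.
    for prop in \
        'jazz.connector.sslEnabledProtocols=TLSv1.2' \
        'com.ibm.team.repository.transport.client.protocol=TLSv1.2' \
        'com.ibm.jsse2.sp800-131=strict' \
        'com.ibm.rational.rpe.tls12only=true' \
        'com.ibm.jsse2.overrideDefaultTLS=true'
    do
        printf '%s\n' "$active" | grep -Fq -e "-D$prop" && continue
        case $prop in
            # Needed only on Java 8.0.7.0 or later, so report without failing.
            *overrideDefaultTLS*) echo "NOTE: -D$prop not set" ;;
            *) echo "FAIL: missing -D$prop"; rc=1 ;;
        esac
    done

    # server.xml: the defaultSSLConfig <ssl> element (may span lines) must pin TLSv1.2.
    ssl=$(tr '\r\n' '  ' < "$serverxml" | grep -Eo '<ssl[[:space:]][^>]*>' |
        grep -F 'id="defaultSSLConfig"' || true)
    case $ssl in
        *'sslProtocol="TLSv1.2"'*) ;;
        *) echo "FAIL: defaultSSLConfig does not set sslProtocol=\"TLSv1.2\""; rc=1 ;;
    esac
    return "$rc"
}

if [ "$#" -eq 2 ]; then check_tls12_config "$1" "$2"; fi
```

The check reads the files only; it does not confirm what the running server negotiates, so run it before the restart and test a live connection afterwards.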