Configuring ELM with TLSv1.2 and TLSv1.3

You can enable TLS 1.2 and TLS 1.3 to secure the Engineering Lifecycle Management server.

About this task

To configure the WebSphere Liberty server to enable TLSv1.3 along with TLSv1.2 (non-strict mode), or only TLSv1.3.

Note: TLSv1.3 is enabled by default for the embedded WebSphere Liberty. Hence, no additional configuration is required to enable TLSv1.3 for the embedded WebSphere Liberty.
Perform the following steps to configure ELM with TLSv1.2 and TLSv1.3 for separately installed WebSphere Liberty.


  1. Open the server.xml file from the <JazzInstallDir>/server/liberty/servers/clm directory.
    Important: You must start the Engineering Lifecycle Management serve at least once to generate the clm directory.
  2. In the <ssl id="defaultSSLConfig" section, change the sslProtocol attribute to sslProtocol="TLSv1.3,TLSv1.2".
  3. Save an close the server.startup file.
  4. Restart the Engineering Lifecycle Management servers.