Enabling TLS 1.3 support
Learn how to enable TLS 1.3 communications.
About this task
The new version of GSKit supports TLS 1.3 communication, but, to allow compatibility with older
certificates, it is not enabled by default in Tivoli Netcool/OMNIbus. To enable TLS 1.3
communication, the tls13_enable property must be set in the sslciphers.conf file.
Procedure
- If the sslciphers.conf file does not exist, then create the file in the following locations.
  - Linux: $NCHOME/etc/security/sslciphers.conf
  - Windows: %NCHOME%\ini\security\sslciphers.conf
- Open the sslciphers.conf file.
- Within the sslciphers.conf file, set the tls13_enable property to TRUE.
When TLS 1.3 communications are enabled, the key size for certificates must be 2048 or greater.
Also, do not use the SHA1 signature algorithm for the certificates.
To inspect existing certificates and verify that they have an acceptable key size and signature
algorithm, use the nc_gskcmd command with the -cert and -details options. For more information,
see nc_gskcmd command-line options. Alternatively, view the details with iKeyman. For more
information, see Viewing certificate details.
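The two certificate requirements above can also be checked in a script. The following is an added example, not part of the product documentation or IBM's code: it parses the output of `openssl x509 -noout -text` rather than nc_gskcmd output, and it assumes that the certificate was first exported to a PEM file and that the 2048 minimum applies to RSA keys only (other key types are flagged for manual review).

```bash
#!/usr/bin/env bash
# Added example: audit one certificate dump against the two requirements above.
# Reads `openssl x509 -noout -text` output on stdin. Assumptions: the certificate
# was exported to PEM first, and the 2048-bit floor is applied to RSA keys only.
# Exit status: 0 = acceptable, 1 = fails a requirement, 2 = needs manual review.
check_cert_text() {
  awk '
    /Signature Algorithm:/ && sig == "" { sig = $NF }   # first occurrence only
    /Public Key Algorithm:/             { alg = $NF }
    /Public-Key: \(/ {                                  # "(2048 bit)" -> 2048
      bits = $0; sub(/.*\(/, "", bits); sub(/ bit.*/, "", bits)
    }
    END {
      if (sig == "" || bits == "") { print "REVIEW: unrecognised input"; exit 2 }
      rc = 0
      if (tolower(sig) ~ /sha1/) { print "FAIL: SHA1 signature (" sig ")"; rc = 1 }
      if (alg == "rsaEncryption") {
        if (bits + 0 < 2048) { print "FAIL: RSA key is " bits " bits"; rc = 1 }
      } else if (rc == 0) {
        print "REVIEW: " alg " key, " bits " bits"; rc = 2
      }
      if (rc == 0) print "OK: " sig ", " bits "-bit RSA key"
      exit rc
    }'
}

# Constructed sample dumps (not real certificates).
# Arguments: signature algorithm, public key algorithm, key size in bits.
sample_cert_text() {
  cat <<EOF
Certificate:
    Data:
        Version: 3 (0x2)
        Signature Algorithm: $1
        Subject: CN = objserver.example.test
        Subject Public Key Info:
            Public Key Algorithm: $2
                Public-Key: ($3 bit)
    Signature Algorithm: $1
EOF
}

# Demo on constructed input; with a real file, run:
#   openssl x509 -in cert.pem -noout -text | check_cert_text
sample_cert_text sha256WithRSAEncryption rsaEncryption 2048 | check_cert_text || true
sample_cert_text sha1WithRSAEncryption rsaEncryption 1024 | check_cert_text || true
```
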