To enable TLS 1.1 and 1.0 for IBM Spectrum Control ports, update the java.security file (Alert, Data, Device, and Web server) and the server.config file (Export server).
Before you begin
IBM Spectrum Control ports have TLS 1.1 and 1.0 disabled by default for increased security. Therefore, IBM Spectrum Control will not be able to communicate with resources that do not support TLS 1.2. If you want to upgrade your resources to a version that supports TLS 1.2, contact your vendor. You can also re-enable TLS 1.1 and 1.0 for IBM Spectrum Control ports.
Procedure
- Stop all IBM Spectrum Control servers.
- Open the installation_dir/jre/conf/security/java.security file.
- To enable TLS 1.1 and 1.2 in the Alert, Data, Device, and Web server, remove the "TLSv1.1 ," text from the jdk.tls.disabledAlgorithms line.
BEFORE:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1 , EC keySize < 224, anon, NULL
AFTER:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, EC keySize < 224, anon, NULL
To enable TLS 1.0, 1.1, and 1.2 in the Alert, Data, Device, and Web server, remove the "TLSv1, TLSv1.1 ," text from the jdk.tls.disabledAlgorithms line.
BEFORE:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1 , EC keySize < 224, anon, NULL
AFTER:
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, EC keySize < 224, anon, NULL
- Open the installation_dir/export/conf/server.config file.
- To enable only TLS 1.1 in the Export server, change the "secureProtocol" value from "TLSv1_2_method" to "TLSv1_1_method".
For example:
"secureProtocol": "TLSv1_1_method"
To enable only TLS 1.0 in the Export server, change the "secureProtocol" value from "TLSv1_2_method" to "TLSv1_method".
For example:
"secureProtocol": "TLSv1_method"
To enable TLS 1.0, 1.1, and 1.2 in the Export server, change the "secureProtocol" value from "TLSv1_2_method" to "".
For example:
"secureProtocol": ""
You cannot configure the Export server such that only TLS 1.1 and 1.2 are enabled.
- Restart the IBM Spectrum Control servers.
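
A check that can be run after editing both files, to confirm which legacy TLS versions (1.0 and 1.1) each server group now accepts. This is an added example, not IBM code: the function names and sample file contents are constructed, and it assumes server.config carries the "secureProtocol" key in the quoted form shown in the procedure.

```python
import re

TLS_VERSIONS = ("TLSv1", "TLSv1.1", "TLSv1.2")
LEGACY = {"TLSv1", "TLSv1.1"}
# Export server "secureProtocol" values and what the procedure says each enables.
EXPORT_METHODS = {
    "TLSv1_2_method": {"TLSv1.2"},
    "TLSv1_1_method": {"TLSv1.1"},
    "TLSv1_method": {"TLSv1"},
    "": set(TLS_VERSIONS),
}

def jvm_enabled_tls(java_security_text):
    """TLS versions not listed in jdk.tls.disabledAlgorithms."""
    # Properties format: join backslash-continued lines before parsing.
    joined = re.sub(r"\\\r?\n[ \t]*", "", java_security_text)
    disabled = set()
    for line in joined.splitlines():
        line = line.strip()
        if line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key.strip() == "jdk.tls.disabledAlgorithms":
            # A later definition of the same key replaces an earlier one.
            disabled = {entry.strip() for entry in value.split(",")}
    return {v for v in TLS_VERSIONS if v not in disabled}

def export_enabled_tls(server_config_text):
    """TLS versions the Export server accepts, from its secureProtocol value."""
    match = re.search(r'"secureProtocol"\s*:\s*"([^"]*)"', server_config_text)
    if match is None or match.group(1) not in EXPORT_METHODS:
        raise ValueError("secureProtocol missing or not a value from the procedure")
    return EXPORT_METHODS[match.group(1)]

def legacy_tls_report(java_security_text, server_config_text):
    """Legacy versions (TLS 1.0/1.1) enabled per server group."""
    return {
        "alert_data_device_web": sorted(jvm_enabled_tls(java_security_text) & LEGACY),
        "export": sorted(export_enabled_tls(server_config_text) & LEGACY),
    }

# Constructed sample inputs: TLS 1.1 re-enabled in both files.
SAMPLE_JAVA_SECURITY = (
    "# constructed sample\n"
    "jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, \\\n"
    "    TLSv1, EC keySize < 224, anon, NULL\n"
)
SAMPLE_SERVER_CONFIG = '{ "secureProtocol": "TLSv1_1_method" }'

if __name__ == "__main__":
    print(legacy_tls_report(SAMPLE_JAVA_SECURITY, SAMPLE_SERVER_CONFIG))
```

An empty list for a server group means only TLS 1.2 is accepted there, which is the default state described under "Before you begin".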