Applying local Java security properties

It is recommended to apply local Java security properties to contain any security impact within UMS.

The UMS server relies on Java security properties to configure its SSL/TLS security features. The SSL/TLS protocols have known vulnerabilities, such as Lucky13, Logjam, and BEAST. For more information, see IBM® Java™ Secure Socket Extension (JSSE) Provider.

To allow UMS to use the most secure cipher suites, it is recommended to apply local security properties rather than the default IBM Java security properties. Local security properties ensure that the changes apply only to UMS and do not affect other programs that use Java.
Note: Make sure that all services, including Zowe and ZSS services, share strong cipher suites; otherwise, the SSL/TLS handshake will not succeed.
Perform the following steps:
  1. Copy ${JAVA_HOME}/lib/security/java.security to <IZP_UMS_VARDIR>/conf/local_java.security.
  2. Open the file local_java.security, go to the line with jdk.tls.disabledAlgorithms, and append any of the following algorithms that are missing: SSLv3, RC4, DES, DHE, MD5withRSA, DH keySize < 1024, DESede, EC keySize < 224, CBC, TLSv1, TLSv1.1, anon, NULL
  3. In the file <IZP_UMS_VARDIR>/bin/izp-server.sh, navigate to -Djava.library.path=${IZP_UMS_VARDIR}/bin and add the following Java property after it: -Djava.security.properties=${IZP_UMS_VARDIR}/conf/local_java.security\
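
The comparison in step 2 can be done mechanically. The following shell functions are an added example, not part of UMS or the IBM documentation; the function names are hypothetical, and the entry list is the one from step 2. Entries are compared as whole, exact strings, so an existing DESede or TLSv1.1 entry is not mistaken for DES or TLSv1.

```shell
#!/bin/sh
# Added example (hypothetical helper names). After step 1's copy, run:
#   append_missing "<IZP_UMS_VARDIR>/conf/local_java.security"
# Entries that step 2 requires in jdk.tls.disabledAlgorithms.
REQUIRED='SSLv3, RC4, DES, DHE, MD5withRSA, DH keySize < 1024, DESede, EC keySize < 224, CBC, TLSv1, TLSv1.1, anon, NULL'

# Split a comma-separated list into one trimmed entry per line.
split_list() { tr ',' '\n' | sed 's/^[[:space:]]*//; s/[[:space:]]*$//'; }

# Print the property value on one line; java.security values may span
# several physical lines joined by a trailing backslash.
current_disabled() {
    awk '
        /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ { on = 1; sub(/^[^=]*=/, "") }
        on { cont = sub(/\\[ \t]*$/, ""); printf "%s", $0
             if (!cont) { print ""; exit } }
    ' "$1"
}

# Print each required entry that is absent (whole-entry, fixed-string match).
missing_disabled() {
    cur=$(current_disabled "$1")
    printf '%s\n' "$REQUIRED" | split_list | while IFS= read -r alg; do
        printf '%s\n' "$cur" | split_list | grep -Fxq -- "$alg" ||
            printf '%s\n' "$alg"
    done
}

# Append the missing entries to the last physical line of the property,
# or add the property if the file does not define it at all.
append_missing() {
    add=$(missing_disabled "$1" | paste -sd, - | sed 's/,/, /g')
    [ -n "$add" ] || return 0
    awk -v add="$add" '
        !done && /^[ \t]*jdk\.tls\.disabledAlgorithms[ \t]*=/ { on = 1 }
        on && !/\\[ \t]*$/ { sep = ($0 ~ /=[ \t]*$/) ? "" : ", "
                             $0 = $0 sep add; on = 0; done = 1 }
        { print }
        END { if (!done) print "jdk.tls.disabledAlgorithms=" add }
    ' "$1" > "$1.new" && mv "$1.new" "$1"
}

# Constructed sample standing in for the copied file; run with "demo".
demo() {
    f=$(mktemp)
    printf '%s\n' 'jdk.tls.disabledAlgorithms=SSLv3, TLSv1.1, RC4, DESede, \' \
        '    MD5withRSA, EC keySize < 224, anon, NULL' > "$f"
    missing_disabled "$f"; append_missing "$f"; cat "$f"; rm -f "$f"
}
if [ "${1:-}" = demo ]; then demo; fi
```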