Configuring the TLS V1.3 security protocol
The following procedures enable you to configure the TLS V1.3 security protocol for IBM Workload Scheduler. If you want to configure your environment with the TLS V1.3 protocol, it is recommended to use a 4k-length certificate.
The configuration of the TLS V1.3 security protocol can only be set using custom certificates with RSA keys of at least 2K.
Dynamic agents
- Enabling the TLS V1.3 security protocol exclusively
-
ssl_version = TLSv1.3
ssl_ciphers =
- Enabling the TLS V1.2 and TLS V1.3 security protocols
-
ssl_version = atleast.TLSv1.2
ssl_ciphers =
- ssl_version
- Specify the SSL version to be used. Supported values are:
- atleast.TLSv1.0
- atleast.TLSv1.1
- atleast.TLSv1.2
- atleast.TLSv1.3
- max.TLSv1.0
- max.TLSv1.1
- max.TLSv1.2
- max.TLSv1.3
- TLSv1.0
- TLSv1.1
- TLSv1.2
- TLSv1.3
- ssl_ciphers
-
Define the ciphers that the workstation supports during an SSL connection. If you want to use an OpenSSL cipher class, use the following command to find out the list of available classes:
openssl ciphers
For a full list of supported ciphers, see SSL Ciphers and OpenSSL.
WebSphere Application Server Liberty Base
The following procedures must be repeated for every IBM Workload Scheduler component in the environment that has WebSphere Application Server Liberty Base installed.
- <TWA_INSTALL_FOLDER>/usr/servers/engineServer/configDropins/overrides
- <DWC_INSTALL_FOLDER>/usr/servers/dwcServer/configDropins/overrides
- Enabling the TLS V1.3 security protocol exclusively
-
sslProtocol="TLSv1.3"
- Enabling the TLS V1.2 and TLS V1.3 security protocols
-
sslProtocol="TLSv1.2,TLSv1.3"
No spaces can be used before or after the comma.
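The following check is an added example, not IBM code: it expands each `ssl_version` value from the list above into the protocol versions it permits, and flags agent or Liberty settings that allow anything older than TLS V1.2 or that break the no-spaces rule for `sslProtocol`. The function names, the TLS V1.2 floor, the reading of `max.` as an upper bound with nothing excluded below it, and the sample settings are assumptions made for illustration.

```python
import re

ORDER = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
# The page writes the keyword both as "ssl_version" and "ssl version".
KEY_RE = re.compile(r"^\s*ssl[ _]version\s*=\s*(\S+)", re.M | re.I)
LIBERTY_RE = re.compile(r'sslProtocol="([^"]*)"')

def allowed_versions(value):
    """Expand an ssl_version value into the protocol versions it permits."""
    mode, name = "", value.strip()
    for prefix in ("atleast.", "max."):
        if name.startswith(prefix):
            mode, name = prefix, name[len(prefix):]
            break
    if name not in ORDER:
        raise ValueError(f"unsupported ssl_version value: {value!r}")
    i = ORDER.index(name)
    if mode == "atleast.":
        return ORDER[i:]
    if mode == "max.":          # assumption: upper bound, nothing excluded below it
        return ORDER[: i + 1]
    return [name]               # bare value: that version exclusively

def audit(text, floor="TLSv1.2"):
    """Return findings for settings that permit a protocol older than `floor`."""
    strong = ORDER[ORDER.index(floor):]
    findings = []
    for m in KEY_RE.finditer(text):
        try:
            weak = [v for v in allowed_versions(m.group(1)) if v not in strong]
        except ValueError as exc:
            findings.append(str(exc))
            continue
        if weak:
            findings.append(f"ssl_version={m.group(1)} permits {', '.join(weak)}")
    for m in LIBERTY_RE.finditer(text):
        raw = m.group(1)
        if re.search(r"\s", raw):   # no spaces before or after the comma
            findings.append(f'sslProtocol="{raw}" contains whitespace')
        elif any(p not in strong for p in raw.split(",")):
            findings.append(f'sslProtocol="{raw}" lists a protocol outside {strong}')
    return findings

# Constructed sample settings, not taken from a real installation.
SAMPLE = """\
ssl_version = max.TLSv1.1
ssl_version = atleast.TLSv1.2
ssl version = TLSv1.3
sslProtocol="TLSv1.2, TLSv1.3"
sslProtocol="TLSv1.3"
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```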
Native components and fault-tolerant agents
The following procedures must be repeated for every native component and fault-tolerant agent in the IBM Workload Scheduler environment.
- OpenSSL
-
- Enabling the TLS V1.3 security protocol exclusively
- Set the ssl version keyword as follows:
ssl version = TLSv1.3