IBM Support

Configuring TLSv1.3 on WebSphere Application Server 9.0.5.6 and 8.5.5.20 and later

News


Abstract

Starting in versions 9.0.5.6 and 8.5.5.20, WebSphere Application Server provides an option to select the TLSv1.3 protocol when running on IBM Java version 8.0.6.26 (and later)

Content

Starting in versions 9.0.5.6 and 8.5.5.20, WebSphere Application Server provides an option* to select TLSv1.3 protocol when running on IBM Java version 8.0.6.26 (and later). Following are more details and considerations on using the TLSv1.3 configuration.  
  1. The Administrative console of WebSphere 9.0.5.6 and 8.5.5.20 and later shows TLSv1.3 when running on IBM Java version 8.0.6.26 and later.
  2. Currently TLSv1.3 cannot be configured with other protocols for fallback. Therefore, it is required that SSL peers support TLSv1.3 as well.  
  3. In a mixed cell configuration, careful consideration is required before enabling TLSv1.3 to ensure communications. 
  4. To change DMGR and all NODES to use TLSv1.3, first make changes with only the DMGR running, then restart the DMGR process, and sync each node from the command line. Then bring the DMGR and NODES up.  For detailed steps, refer to the technote "How can I configure WebSphere Application Server SSL protocol to use TLSv1.2 ONLY?"  replacing TLSv1.2 with TLSv1.3. 
Note: 

[{"Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSEQTP","label":"WebSphere Application Server"},"ARM Category":[{"code":"a8m50000000CcyMAAS","label":"Security->SSL"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.0.5"}]

Document Information

Modified date:
27 October 2021

UID

ibm16421519