IBM Support

Confirming whether TLSv1 and TLS_v1.1 are disabled

Question & Answer


How can I confirm that TLSv1 and TLS_v1.1 are disabled for the IBM Storage Insights Data Collector?


Because of known security vulnerabilities with TLSv1 and TLSv1.1, they are disabled by default.  However, they could be enabled by following steps from the IBM Documentation, making it necessary to be able to confirm the configuration.


Do the following on the host where the data collector service is installed:
1.  Open and make sure it includes TLSv1 and TLSv1.1 in the following line, which is the default Disabled configuration.
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1, EC keySize < 224, anon, NULL
  • On Windows, go to Data Collector Installation\jre\lib\security.
  • On AIX or Linux, go to Data Collector Installation/jre/lib/security.
2.  Go to Data Collector installation, open conf folder, and make sure does not explicitly call out another location for the file with dcJVMArgs or epJvmArgs.

Example:\\copiedlocationfolderpath\\ file\\copiedlocationfolderpath\\ file
If either of those entries exists, it is likely that the older protocols were previously enabled.  Check the file at the specified location to confirm whether TLSv1 and TLSv1.1 are disabled. If these variables are removed from the file, the file in the location from step 1 is used.

3.  If any updates are made, restart the IBM Storage Insights Data Collector service to pick up the changes.

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"ARM Category":[{"code":"a8m3p000000hBFuAAM","label":"Security"}],"ARM Case Number":"TS009207342","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
02 May 2022