Question & Answer
Question
How can I confirm that TLSv1 and TLS_v1.1 are disabled for the IBM Storage Insights Data Collector?
Cause
Because of known security vulnerabilities with TLSv1 and TLSv1.1, they are disabled by default. However, they could be enabled by following steps from the IBM Documentation, making it necessary to be able to confirm the configuration.
Answer
Do the following on the host where the data collector service is installed:
1. Open java.security and make sure it includes TLSv1 and TLSv1.1 in the following line, which is the default Disabled configuration.
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1, EC keySize < 224, anon, NULL
- On Windows, go to Data Collector Installation\jre\lib\security.
- On AIX or Linux, go to Data Collector Installation/jre/lib/security.
2. Go to Data Collector installation, open conf folder, and make sure setup.properties does not explicitly call out another location for the security.java file with dcJVMArgs or epJvmArgs.
Example:
dcJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
epJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
If either of those entries exists, it is likely that the older protocols were previously enabled. Check the java.security file at the specified location to confirm whether TLSv1 and TLSv1.1 are disabled. If these variables are removed from the setup.properties file, the java.security file in the location from step 1 is used.
3. If any updates are made, restart the IBM Storage Insights Data Collector service to pick up the changes.
3. If any updates are made, restart the IBM Storage Insights Data Collector service to pick up the changes.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"ARM Category":[{"code":"a8m3p000000hBFuAAM","label":"Security"}],"ARM Case Number":"TS009207342","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
02 May 2022
UID
ibm16579217