IBM Support

IBM Operational Decision Manager on Cloud support for Transport Layer Security

News


Abstract

Operational Decision Manager on Cloud uses Transport Layer Security (TLS) 1.2 and 1.3. This support is part of IBM's ongoing commitment to provide a secure cloud infrastructure that follows the best practices for security and data privacy.

Content

Operational Decision Manager on Cloud supports TLS 1.2 and 1.3, and no longer supports TLS 1.0 and 1.1. Programmatic clients (clients written by customers) that use Java 6 or 7 no longer work, and must be updated to Java 8 or later (see IBM Operational Decision Manager on Cloud - Detailed System Requirements).

Supported ciphers

The following ciphers are supported for all inbound HTTPS connections:
TLS 1.2
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS 1.3
  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
Users with code or services that connect to *.bpm.ibmcloud.com with encryption levels older than TLS 1.2 should upgrade. All modern browsers now support TLS 1.2 and 1.3.

Testing your programmatic clients with TLS 1.2 or 1.3

The enhanced security configuration is currently enabled on the following test endpoint: https://169.46.48.77. You can use this endpoint to determine the potential impact to your programmatic clients. A sample test that uses Apache HttpClient 4.5.3 is provided below.

Sample test code

This sample test code uses Apache HttpClient 4.5.3.

package test;

import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Arrays;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;

import org.apache.http.HttpResponse;
import org.apache.http.client.HttpClient;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.DefaultHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContextBuilder;
import org.apache.http.ssl.TrustStrategy;

public class tlstester {

    public static void main(String[] args) throws Exception {

     // ***************************************************
        // protocols, ciphers
     String[] prots = new String[] {"TLSv1.2"}; // Note: Change {"TLSv1.2"} to {"TLSv1.3"} to test for TLS 1.3
     String[] ciphers = new String[] { // set to null to allow using all available ciphers
      "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
      "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
      "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256"
     };
             
        // init http client
        HttpClientBuilder builder = HttpClients.custom();
        builder.disableRedirectHandling();    

        TrustStrategy trustStr = new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] arg0, String arg1)
throws CertificateException {
// TODO Auto-generated method stub
return true;
}
};
       
SSLContext sslContext = new SSLContextBuilder().loadTrustMaterial(trustStr).build();
SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(
sslContext,
        prots,
        ciphers,
       new javax.net.ssl.HostnameVerifier() {
@Override
public boolean verify(String hostname, SSLSession session) {
return true;
}
}
);

// what the client supports
        SSLParameters sslParams = sslContext.getSupportedSSLParameters();
        System.out.println("client supported prots: " + Arrays.asList( sslParams.getProtocols() ) );
        System.out.println("client supported cipherSuites: " + Arrays.asList( sslParams.getCipherSuites() ) );            

builder = HttpClients.custom();
builder.setSSLContext(sslContext)
.setSSLHostnameVerifier( new DefaultHostnameVerifier())
.setSSLSocketFactory(sslsf);  

        HttpClient client = builder.build();
       
        // execute request
        HttpResponse response = null;            
        HttpGet request = new HttpGet("https://169.46.48.77");              
        try {
            response = client.execute(request);
         }
         catch (Exception e) {
            throw new Exception("Could not execute call, reason: " + e.getMessage());
         }
       
         int httpResponseCode = response.getStatusLine().getStatusCode();
         System.out.println("response code: " + httpResponseCode);
     
    }
}

 

[{"Type":"MASTER","Line of Business":{"code":"LOB76","label":"Data Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SS7J8H","label":"IBM Operational Decision Manager on Cloud"},"ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
02 July 2025

UID

ibm10966999

Page Feedback