Question & Answer
Question
Cause
Answer
The network protocol is automatically changed to TLS 1.2 in new installations of Information Server 11.7.1.3 (or later), and existing installations that are upgraded to 11.7.1.3 (or later). Hence, in those installations, the following actions are not needed. See the 11.7.1.3 installation instructions for additional actions that might be needed to complete the change.
In situations where only TLS 1.2 is configured, in addition to Information Server components, one must also configure browsers, databases, .Net and so on to permit only TLS 1.2. Ensure that they are upgraded to an appropriate version.
Actions are needed on each of the tiers.
1. For WebSphere Network Deployment:
Set Protocol = TLSv1.2
Apply and OK the changes.
NOTE: After NodeDefaultSSLSettings is updated to TLS 1.2, you will not be able to stop WebSphere Application Server if com.ibm.ssl.protocol=TLSv1.2 is not yet set in /opt/IBM/WebSphere/AppServer/profiles/InfoSphere/properties/ssl.client.props.
/opt/IBM/WebSphere/AppServer/profiles/dmgr1/properties/ssl.client.props (for deployment manager)
2. For WebSphere Liberty profile:
b. Edit \IBM\InformationServer\wlp\usr\servers\iis\bootstrap.properties; set the protocol
c. Restart the server
Engine tier: ASBNode/eclipse/plugins/com.ibm.iis.client/iis.client.site.properties
Client tier: ASBNode/eclipse/plugins/com.ibm.iis.client/iis.client.site.properties
5. For clustered configuration, the previous steps must be done on the Deployment manager and each node.
7. Refer to the Related information section of this technote, for technotes of Information Server components that need component-specific actions related to the usage of TLS 1.2.
For Connectivity components, note the following:
- the File Connector does not need any configuration changes
- for Hierarchical Stage, upgrade to 11.5.0.2 (no configuration changes are needed)
- for Salesforce Data Connector see the linked technotes
- actions for other connectors, if any, is yet to be determined.
Change History:
26 April 2017: Original version published
27 April 2017: Added version-based links for Salesforce Data Connector
11 May 2017: Updated argument in sample UpdateSignerCerts.sh command
14 May 2017: Added information for Hierarchical stage
06 June 2017: Removed step to set protocol in ASBServer/conf/ssl.client.props file
27 June 2017: Added related link to IMAM technote
18 May 2018: Added related link to technote for support in DataStage Clients
17 May 2019: Added related link for enabling TLS Communications to DB2 Databases
21 July 2021: Removed duplicate links to DataStage technote
29 July 2021: Added link to technote for DataStage Web Services Pack
13 February 2023: Added link to configure TLS & cipher suites on Microservices tier
27 April 2023: Updated links to other technotes; Added links for Oracle and SQL Server
Related Information
Salesforce Data Connector 8.7 and earlier
Salesforce Data Connector 9.1 and later
Enabling TLS 1.1 / TLS 1.2 for DataStage Clients
Instructions to enable TLS communication to DB2 Databases
Invoking a TLS v1.2 enabled web service in DataStage Web Services Pack
Configure TLS version and cipher suites on the Microservices tier
Instructions to enable TLS communication to Microsoft SQL Server
Was this topic helpful?
Document Information
Modified date:
27 April 2023
UID
swg22001891