It's all about the answers!

Ask a question

What is the proper way to enable TLS 1.2 in RTC 6.0.1?


Christopher Robinson (571217) | asked Jan 27 '16, 12:26 p.m.
We recently installed RTC 6.0.1 with the bundled WAS Liberty Profile
(WLP) application server. 

The RTC server is failing the TCP/IP
vulnerability scan's TLS Version 1.2 Protocol Detection. 

I believe
this is because RTC 6.0.1 ships with WLP 8.5.5.7 and that TLS 1.2 is enabled in WLP 8.5.5.8.  What is the proper way to enable TLS 1.2 in RTC 6.0.1?

One answer



permanent link
Christopher Robinson (571217) | answered Jan 27 '16, 12:28 p.m.
Here's what I had to do:            
 1. Update <RTC server home>/server/server.startup to add the the       
    following java option:|                                             
      ...                                                               
      JAVA_OPTS="$JAVA_OPTS -Dderby.locks.deadlockTimeout=1140"         
      JAVA_OPTS="$JAVA_OPTS -agentlib:healthcenter                      
    -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972"            
      JAVA_OPTS="$JAVA_OPTS                                             
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"        
      ...                                                               
 2. Add the following to <RTC server                                    
    home>/server/liberty/servers/clm/server.xml:                        
          ...                                                           
          <!--  suppress messages about references to missing third     
    party jars that are not used -->                                    
          <logging hideMessage="SRVE9967W"/>                            
          <!-- enable TLS 1.2 -->                                       
          <sslDefault sslRef="defaultSSLSettings" />                    
          <ssl id="defaultSSLSettings" keyStoreRef="defaultKeyStore"    
    sslProtocol="TLSv1.2" />                                            
      </server>                               

Your answer


Register or to post your answer.