Jazz Forum Welcome to the Jazz Community Forum Connect and collaborate with IBM Engineering experts and users

What is the proper way to enable TLS 1.2 in RTC 6.0.1?

Questions
Tags
Users
Badges
Christopher Robinson
(571917) Jan 27 '16, 12:26 p.m.
We recently installed RTC 6.0.1 with the bundled WAS Liberty Profile
(WLP) application server. 

The RTC server is failing the TCP/IP vulnerability scan's TLS Version 1.2 Protocol Detection. 

I believe this is because RTC 6.0.1 ships with WLP 8.5.5.7 and that TLS 1.2 is enabled in WLP 8.5.5.8.  What is the proper way to enable TLS 1.2 in RTC 6.0.1?

1 vote

1 answer
6,869 views
1 vote

One answer

Permanent link
Christopher Robinson
(571917) Jan 27 '16, 12:28 p.m.
Here's what I had to do:            
 1. Update <RTC server home>/server/server.startup to add the the       
    following java option:|                                             
      ...                                                               
      JAVA_OPTS="$JAVA_OPTS -Dderby.locks.deadlockTimeout=1140"         
      JAVA_OPTS="$JAVA_OPTS -agentlib:healthcenter                      
    -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972"            
      JAVA_OPTS="$JAVA_OPTS                                             
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2"        
      ...                                                               
 2. Add the following to <RTC server                                    
    home>/server/liberty/servers/clm/server.xml:                        
          ...                                                           
          <!--  suppress messages about references to missing third     
    party jars that are not used -->                                    
          <logging hideMessage="SRVE9967W"/>                            
          <!-- enable TLS 1.2 -->                                       
          <sslDefault sslRef="defaultSSLSettings" />                    
          <ssl id="defaultSSLSettings" keyStoreRef="defaultKeyStore"    
    sslProtocol="TLSv1.2" />                                            
      </server>                               

2 votes

Your answer

Register or log in to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.

Ask a question
Guidelines
FAQ
Search context
Follow this question

By Email: 

Once you sign in you will be able to subscribe for any updates here.

By RSS:

Answers
Answers and Comments
Question details
× 12,019
× 7,492

Question asked: Jan 27 '16, 12:26 p.m.

Question was seen: 6,869 times

Last updated: Jan 27 '16, 12:28 p.m.

Confirmation Cancel Confirm