What is the proper way to enable TLS 1.2 in RTC 6.0.1?
We recently installed RTC 6.0.1 with the bundled WAS Liberty Profile
(WLP) application server. The RTC server is failing the TCP/IP vulnerability scan's TLS Version 1.2 Protocol Detection. I believe this is because RTC 6.0.1 ships with WLP 8.5.5.7 and that TLS 1.2 is enabled in WLP 8.5.5.8. What is the proper way to enable TLS 1.2 in RTC 6.0.1? |
One answer
|
Here's what I had to do:
1. Update <RTC server home>/server/server.startup to add the the following java option:| ... JAVA_OPTS="$JAVA_OPTS -Dderby.locks.deadlockTimeout=1140" JAVA_OPTS="$JAVA_OPTS -agentlib:healthcenter -Dcom.ibm.java.diagnostics.healthcenter.agent.port=1972" JAVA_OPTS="$JAVA_OPTS -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2" ... 2. Add the following to <RTC server home>/server/liberty/servers/clm/server.xml: ... <!-- suppress messages about references to missing third party jars that are not used --> <logging hideMessage="SRVE9967W"/> <!-- enable TLS 1.2 --> <sslDefault sslRef="defaultSSLSettings" /> <ssl id="defaultSSLSettings" keyStoreRef="defaultKeyStore" sslProtocol="TLSv1.2" /> </server> |