How to use RQM Execution tool against TLSv1.2 QM ?
I need to know how to make RQM Execution tool work on TLSv1.2 only QM. Are there any -D options that can tell the java runtime what protocol to use on the secure socket ? The reading on org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory and peers don't reveal any goodness.
i.e. the SSLContext is likely the
SSLContext context = SSLContext.getInstance("TLSv1.2");
Perhaps -D https.protocols=TLSv1,TLSv1.1,TLSv1.2 or just -Dhttps.protocols=TLSv1.2
i.e. the SSLContext is likely the
SSLContext context = SSLContext.getInstance("TLSv1.2");
Perhaps -D https.protocols=TLSv1,TLSv1.1,TLSv1.2 or just -Dhttps.protocols=TLSv1.2
Accepted answer
You can use the system property "com.ibm.team.repository.transport.client.protocol" to override the protocol. You should get something like this
Basically, your command should look like
Note that you need to use Java 7 or 8. With Java 6, I get the exception "java.security.NoSuchAlgorithmException: TLSv1.2 SSLContext not available".
Procesing Command Line arguments for Test Execution
Logging in to the server
Attempting to create protocol context using system property: TLSv1.2
Successfully created an HTTP client
Attempting to create protocol context using system property: TLSv1.2
Connection to RQM Server is established
Basically, your command should look like
java -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2 -jar RQMExecutionTool.jar ...
Note that you need to use Java 7 or 8. With Java 6, I get the exception "java.security.NoSuchAlgorithmException: TLSv1.2 SSLContext not available".
Comments
I suggested similar ( but SSL_TLSv2 ) and that was claimed to have failed. IBM Java 7 is being used to launch the tool.
Also, the RQMExecutionTool.jar doesn't appear to have any com.ibm.team. classes or any com.ibm.team. jars within any of the other content, so it makes me wonder if that -D is even a party to the conversation....
The -D does allow TLSv1.2 !
To respond to your previous comment - it appears that all RQM external utilities use the same SSLContextUtil class for connection (even it may be in different packages for different tools), and this class looks for the said property explicitly.
String overrideProtocol = System.getProperty("com.ibm.team.repository.transport.client.protocol"); //$NON-NLS-1$
if (overrideProtocol != null) {
System.out.println("Attempting to create protocol context using system property: " + overrideProtocol); //$NON-NLS-1$
context = createSSLContext(overrideProtocol, trustManager);
}
Comments
Kevin Ramer
Feb 11 '16, 3:58 p.m.None of the https.protocols allows a successful connection.