Which TLS version does ISD use?

Posted: Mon Mar 26, 2018 1:30 pm
by qt_ky
One of our ISD application web service consumers has said they just disabled TLS 1.0 on their side and can no longer access the secure web services we host using ISD.

Does that mean that ISD 11.3.1.2 only has TLS 1.0 enabled out of the box? We are being asked to switch to TLS 1.2, which I thought ISD already supported out of the box. But now, not so sure. Seems like it should since TLS 1.2 was defined 10 years ago in 2008.

Posted: Tue Mar 27, 2018 2:56 am
by ray.wurlod
Check out this thread. TLS v1.0 only for 11.3.

Posted: Thu Mar 29, 2018 8:51 am
by qt_ky
My coworker was able to resolve this on 11.3 with an all-encompassing dynamic setting change in WAS (no WAS restart required)!

11.3 has SSL_TLS, which supports all SSL and TLS 1.0, but not TLS 1.2.

11.7 has SSL_TLSv2, which supports all SSL and TLS variants.

For WebSphere Network Deployment:

In WebSphere administration console,
Navigate to:
Security -> SSL certificate and key management -> SSL configurations -> IISSSL Configuration -> Quality of Protection (QoP) settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.

Navigate to:
Security -> SSL certificate and key management -> SSL configurations -> NodeDefaultSSL Settings -> Quality of Protection settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.
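
A way to confirm the result of the change above from the consumer's side, as an added example that is not part of the original post: the script offers exactly one TLS version per connection and reports which ones the endpoint accepts. The host and port passed on the command line are placeholders for your own ISD endpoint, and certificate validation is deliberately skipped because only the protocol version is being checked.

```python
import socket
import ssl
import sys

# Protocol versions to offer, oldest first.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
    "TLSv1.3": ssl.TLSVersion.TLSv1_3,
}


def pinned_context(version):
    """Client context that offers exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol probe only: certificate checks are out of scope here.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def probe(host, port, timeout=5.0):
    """Map each version label to accepted / rejected / unreachable /
    client-unsupported (the local OpenSSL build cannot offer it)."""
    results = {}
    for label, version in VERSIONS.items():
        try:
            ctx = pinned_context(version)
        except ValueError:
            results[label] = "client-unsupported"
            continue
        try:
            raw = socket.create_connection((host, port), timeout=timeout)
        except OSError:
            results[label] = "unreachable"
            continue
        try:
            # The handshake runs inside wrap_socket(); failure raises.
            with raw, ctx.wrap_socket(raw, server_hostname=host):
                results[label] = "accepted"
        except (ssl.SSLError, OSError):
            results[label] = "rejected"
    return results


if __name__ == "__main__":
    # Usage: python tls_probe.py <host> <port>   (placeholders)
    for label, status in probe(sys.argv[1], int(sys.argv[2])).items():
        print(f"{label}: {status}")
```

After the QoP change, TLSv1.2 should report accepted. A rejected result for TLSv1.0 or TLSv1.1 can also come from the local OpenSSL policy on the machine running the script, so read those two lines with that in mind.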

Posted: Fri Mar 30, 2018 10:13 am
by eostic
Thanks for that info!! This makes sense --- in the end, what ISD is doing is deploying, on your behalf, a normal WAS enterprise application, with all its required bits (EAR, etc.). ....WAS has a whole lot of settings, logging, exits, etc. that "could" be exploited, or in this case, need to be altered...

Thx!

Ernie