Which TLS version does ISD use?

Dedicated to DataStage and DataStage TX editions featuring IBM<sup>®</sup> Service-Oriented Architectures.

Moderators: chulett, rschirm

Post Reply
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am

Which TLS version does ISD use?

Post by qt_ky »

One of our ISD application web service consumers has said they just disabled TLS 1.0 on their side and can no longer access the secure web services we host using ISD.

Does that mean that ISD 11.3.1.2 only has TLS 1.0 enabled out of the box? We are being asked to switch to TLS 1.2, which I thought ISD already supported out of the box. But now, not so sure. Seems like it should since TLS 1.2 was defined 10 years ago in 2008.
Choose a job you love, and you will never have to work a day in your life. - Confucius
ray.wurlod
Participant
Posts: 54588
Joined: Wed Oct 23, 2002 10:52 pm

Post by ray.wurlod »

Check out this thread. TLS v1.0 only for 11.3.
IBM Software Services Group
Any contribution to this forum is my own opinion and does not necessarily reflect any position that IBM may hold.
qt_ky
Premium Member
Premium Member
Posts: 2895
Joined: Wed Aug 03, 2011 6:16 am

Post by qt_ky »

My coworker was able to resolve this on 11.3 with an all-encompassing dynamic setting change in WAS (no WAS restart required)!

11.3 has SSL_TSL which supports all SSL and TLS 1.0, but not TLS1.2.

11.7 has SSL_TLSv2, which supports all SSL and TLS variants.

For WebSphere Network Deployment:

In WebSphere administration console,
Navigate to:
Security -> SSL certificate and key management ->SSL configurations ->IISSSL Configuration -> Quality of Protection (QoP) settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.

Navigate to:
Security -> SSL certificate and key management ->SSL configurations ->NodeDefaultSSL Settings -> Quality of Protection settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.
Choose a job you love, and you will never have to work a day in your life. - Confucius
eostic
Premium Member
Premium Member
Posts: 3835
Joined: Mon Oct 17, 2005 9:34 am

Post by eostic »

Thanks for that info!! This makes sense --- in the end, what ISD is doing is deploying, on your behalf, a normal WAS enterprise application, with all its required bits (EAR, etc.). ....WAS has a whole lot of settings, logging, exits, etc. that "could" be exploited, or in this case, need to be altered...

Thx!

Ernie
Ernie Ostic

blogit!
<a href="https://dsrealtime.wordpress.com/2015/07/29/open-igc-is-here/">Open IGC is Here!</a>
Post Reply