DSXchange: DataStage and IBM Websphere Data Integration Forum
View next topic
View previous topic
Add To Favorites
This topic has been marked "Resolved."
Author Message
qt_ky



Group memberships:
Premium Members

Joined: 03 Aug 2011
Posts: 2813
Location: USA
Points: 21315

Post Posted: Mon Mar 26, 2018 1:30 pm Reply with quote    Back to top    

DataStage® Release: 11x
Job Type: Parallel
OS: Unix
Additional info: Version 11.3.1.2
One of our ISD application web service consumers has said they just disabled TLS 1.0 on their side and can no longer access the secure web services we host using ISD.

Does that mean that ISD 11.3.1.2 only has TLS 1.0 enabled out of the box? We are being asked to switch to TLS 1.2, which I thought ISD already supported out of the box. But now, not so sure. Seems like it should since TLS 1.2 was defined 10 years ago in 2008.

_________________
Choose a job you love, and you will never have to work a day in your life. - Confucius
ray.wurlod

Premium Poster
Participant

Group memberships:
Premium Members, Inner Circle, Australia Usergroup, Server to Parallel Transition Group

Joined: 23 Oct 2002
Posts: 54372
Location: Sydney, Australia
Points: 294928

Post Posted: Tue Mar 27, 2018 2:56 am Reply with quote    Back to top    

Check out this thread. TLS v1.0 only for 11.3.

_________________
RXP Services Ltd
Melbourne | Canberra | Sydney | Hong Kong | Hobart | Brisbane
currently hiring: Canberra, Sydney and Melbourne
Rate this response:  
Not yet rated
qt_ky



Group memberships:
Premium Members

Joined: 03 Aug 2011
Posts: 2813
Location: USA
Points: 21315

Post Posted: Thu Mar 29, 2018 8:51 am Reply with quote    Back to top    

My coworker was able to resolve this on 11.3 with an all-encompassing dynamic setting change in WAS (no WAS restart required)!

11.3 has SSL_TSL which supports all SSL and TLS 1.0, but not TLS1.2.

11.7 has SSL_TLSv2, which supports all SSL and TLS variants.

For WebSphere Network Deployment:

In WebSphere administration console,
Navigate to:
Security -> SSL certificate and key management ->SSL configurations ->IISSSL Configuration -> Quality of Protection (QoP) settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.

Navigate to:
Security -> SSL certificate and key management ->SSL configurations ->NodeDefaultSSL Settings -> Quality of Protection settings
Update Protocol from SSL_TLS to SSL_TLSv2 and click OK, and Save.

_________________
Choose a job you love, and you will never have to work a day in your life. - Confucius
Rate this response:  
Not yet rated
eostic

Premium Poster



Group memberships:
Premium Members

Joined: 17 Oct 2005
Posts: 3781

Points: 30365

Post Posted: Fri Mar 30, 2018 10:13 am Reply with quote    Back to top    

Thanks for that info!! This makes sense --- in the end, what ISD is doing is deploying, on your behalf, a normal WAS enterprise application, with all its required bits (EAR, etc.). ....WAS has a w ...

_________________
Ernie Ostic

blogit!
Open IGC is Here!
Rate this response:  
Not yet rated
Display posts from previous:       

Add To Favorites
View next topic
View previous topic
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



Powered by phpBB © 2001, 2002 phpBB Group
Theme & Graphics by Daz :: Portal by Smartor
All times are GMT - 6 Hours