http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar1.pdfTransitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths
| Info |
|---|
1. Click Security > SSL certificate and key management > Manage FIPS
2. Select the Enable SP800-131 radio button.
3. Select the Transition radio button.
a. You have the choice to change the protocols in SSL configuration to TLSv1.2 by optionally selecting the
Update the SSL configuration to require TLSv1.2 box. If you do not select this box, all SSL configurations are set to TLS.
4. Click Apply/Save.
5. If your server is enabled with Dynamic SSL Updating, edit the ssl.client.props file and change the com.ibm.ssl.protocol property to have the same protocol you
configured the server to have before you restart the server. When these changes are applied, and the server is restarted,
all of the SSL configuration on the server are modified to use the TLS or TLSv1.2 protocol, and the com.ibm.jsse2.sp800-131 system property
is set to transition. The SSL configuration uses the appropriate SSL ciphers for the standard.
6 Click Server > Server Types > WebSphere application servers and then click server1 to open it.
7. Under Server Infrastructure, click Java and Process Management > Process definition.
8. Under Additional Properties, click Java Virtual Machine.
9. Under Generic JVM arguments, enter -Dhttps.protocols=TLSv1,TLSv1.1,TLSv1.2
10.Click OK and save directly to the master configuration.
11. Restart the application server. |
...