The Transport Layer Security (TLS) protocol is an improvement on the SSL v3 protocol.
This section provides an overview of the configurations for enabling TLS-only on WebSphere.
To enable TLS-only on WebSphere:
Log in to ISC (http://host:adminport/ibm/console).
Under the Security menu, select SSL certificate and key management, SSL configurations, NodeDefaultSSLSettings, Quality of protection (QoP) settings.
Change the Protocol value to TLS or TLSv1.
This ensures that the WebSphere server will accept only TLS connections. That is, when the web server acts as a server (inbound) or as a client (outbound), the SSL connections will be established through the TLS protocol. When testing from a browser, make sure to check the browser settings to initiate TLS handshakes only.
This section covers steps for configuring TLS on browsers.
Setting Up TLS on Microsoft Internet Explorer
To set up TLS on Internet Explorer:
Launch Internet Explorer.
Select Tools, Internet Options, and select the Advanced tab.
In the Settings box in the Security section, disable Use SSL 3.0 and enable Use TLS 1.0.
Click OK and restart the browser.
Setting Up TLS on Mozilla Firefox
To set up TLS on Firefox:
Launch Firefox.
Select Tools, Options, click the Advanced icon, and select the Encryption tab.
In the Protocols group box, disable Use SSL 3.0 and enable Use TLS 1.0.
Click OK and restart the browser.
After setting TLS for WebSphere and browsers, the TLS communication can be verified by logging in to the PeopleSoft application through WebSphere’s default SSL port (HTTPS).
For example:
https://<host_name>:<https_port>/<PIAsite>/signon.html
You can find the HTTPS port in the WebSphere Administrative Console by selecting Servers, Application Server, server1, ports. Find the port corresponding to the entry WC_defaulthost_secure.
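A successful browser login shows that TLS works, but not that SSL v3 is refused. The following added example (not part of the original documentation) classifies the first record the server sends back, as seen in a packet capture of the HTTPS port, and checks that an SSL v3 offer is not accepted while a TLS offer is. The function names are hypothetical and the sample byte strings are constructed.

```python
import struct

# Wire encodings of the protocol version field (major, minor).
# TLS 1.3 also reports (3, 3) here and signals itself in an extension.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1.0", (3, 2): "TLSv1.1", (3, 3): "TLSv1.2"}

def negotiated_version(reply: bytes) -> str:
    """Classify the first record a server sent back after a ClientHello."""
    if len(reply) < 5:
        raise ValueError("truncated record header")
    rec_type, _major, _minor, rec_len = struct.unpack("!BBBH", reply[:5])
    body = reply[5:5 + rec_len]
    if len(body) < rec_len:
        raise ValueError("truncated record body")
    if rec_type == 0x15 and rec_len >= 2:      # alert record: handshake refused
        return "refused (alert %d)" % body[1]
    if rec_type != 0x16 or rec_len < 6 or body[0] != 0x02:
        raise ValueError("first record is not a ServerHello or alert")
    # Handshake header is type(1) + length(3); server_version follows it.
    pair = (body[4], body[5])
    return VERSIONS.get(pair, "unknown %d.%d" % pair)

def tls_only(reply_to_ssl3_offer: bytes, reply_to_tls_offer: bytes) -> bool:
    """True when an SSLv3-only offer is not accepted and a TLS offer is."""
    return (negotiated_version(reply_to_ssl3_offer) != "SSLv3"
            and negotiated_version(reply_to_tls_offer).startswith("TLSv1"))

def sample_server_hello(minor: int) -> bytes:
    """Constructed ServerHello: zero random, empty session id, suite 0x002f."""
    hello = bytes([3, minor]) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes([3, minor]) + len(handshake).to_bytes(2, "big") + handshake

# Constructed alert record: level fatal (2), description handshake_failure (40).
SAMPLE_ALERT = b"\x15\x03\x00\x00\x02\x02\x28"

if __name__ == "__main__":
    print(negotiated_version(sample_server_hello(1)))
    print(tls_only(SAMPLE_ALERT, sample_server_hello(1)))
    print(tls_only(sample_server_hello(0), sample_server_hello(1)))
```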
It is strongly recommended that you access the vendor's documentation for the web server you are using as a reverse proxy server and use their instructions for setting up TLS.