Enabling TLS-Only on WebSphere

The Transport Layer Security (TLS) protocol is an improvement on the SSL v3 protocol.

This section provides an overview of the configurations for enabling TLS-Only on WebSphere.

To enable TLS-only on WebSphere:

  1. Log in to the ISC (http://host:adminport/ibm/console).

  2. Under the Security menu, select SSL certificate and key management, SSL configurations, NodeDefaultSSLSettings, Quality of protection (QoP) settings.

  3. Change the Protocol value to TLS or TLSv1.

    This ensures that the WebSphere server accepts only TLS connections. That is, whether the web server acts as a server (inbound) or as a client (outbound), SSL connections are established through the TLS protocol. When testing from a browser, check that the browser settings initiate TLS handshakes only.

This section covers steps for configuring TLS on browsers.

Setting Up TLS on Microsoft Internet Explorer

To set up TLS on Internet Explorer:

  1. Launch Internet Explorer.

  2. Select Tools, Internet Options, and select the Advanced tab.

  3. In the Settings box in the Security section, disable Use SSL 3.0 and enable Use TLS 1.0.

  4. Click OK and restart the browser.

Setting Up TLS on Mozilla Firefox

To set up TLS on Firefox:

  1. Launch Firefox.

  2. Select Tools, Options, click the Advanced icon, and select the Encryption tab.

  3. In the Protocols group box, disable Use SSL 3.0 and enable Use TLS 1.0.

  4. Click OK and restart the browser.

After setting TLS for WebSphere and browsers, the TLS communication can be verified by logging in to the PeopleSoft application through WebSphere’s default SSL port (HTTPS).

For example:

https://<host_name>:<https_port>/<PIA site>/signon.html

You can find the HTTPS port in the WebSphere Administrative Console, by selecting Servers, Application Server, server1, ports. Find the port corresponding to the entry WC_defaulthost_secure.
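A protocol-level check of the same port, as an added example that is not part of the original documentation: it sends a minimal ClientHello offering exactly one protocol version and classifies the first record the server returns. With the Protocol setting described above, the SSLv3 offer should be rejected and the TLSv1.0 offer accepted. The function names, the offered cipher suites and the command-line arguments are assumptions of this example.

```python
import os
import socket
import struct
import sys

VERSIONS = {"SSLv3": 0x0300, "TLSv1.0": 0x0301}
NAMES = {code: name for name, code in VERSIONS.items()}
# Assumption: four common RSA suites (AES128, AES256, 3DES, RC4, all with SHA-1).
SUITES = struct.pack("!4H", 0x002F, 0x0035, 0x000A, 0x0005)

def client_hello(version: int) -> bytes:
    """Build a ClientHello record that offers exactly one protocol version."""
    body = (struct.pack("!H", version) + os.urandom(32) + b"\x00"  # version, random, no session id
            + struct.pack("!H", len(SUITES)) + SUITES + b"\x01\x00")  # suites, null compression
    handshake = b"\x01" + struct.pack("!I", len(body))[1:] + body  # type 1, 24-bit length
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake

def classify(reply: bytes) -> str:
    """Interpret the first record the server sent back."""
    if len(reply) >= 7 and reply[0] == 0x15:  # alert record: level, description
        return f"rejected: alert {reply[6]}"
    if len(reply) >= 11 and reply[0] == 0x16 and reply[5] == 0x02:  # ServerHello
        chosen = struct.unpack("!H", reply[9:11])[0]
        return "accepted: " + NAMES.get(chosen, hex(chosen))
    return "rejected: no ServerHello"

def probe(host: str, port: int, version: int, timeout: float = 5.0) -> str:
    """Offer one version to host:port and report how the server answered."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(version))
        try:
            while len(reply) < 11:
                chunk = sock.recv(4096)
                if not chunk:
                    break
                reply += chunk
        except OSError:  # a timeout or reset counts as no answer
            pass
    return classify(reply)

if __name__ == "__main__":
    host, port = sys.argv[1], int(sys.argv[2])  # host and WC_defaulthost_secure port
    for name, code in VERSIONS.items():
        print(f"{name}: {probe(host, port, code)}")
```

A server that shares none of the four offered cipher suites also answers with an alert, so compare a rejection against the server's cipher list before treating it as a protocol refusal.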

It is strongly recommended that you consult the vendor's documentation for the web server you are using as a reverse proxy server and follow its instructions for setting up TLS.