(SM) Support Tip: TLS 1.2 not accepted when Service Manager installed on IBM AIX

Service Manager is installed on AIX Server. TLSv1.2 between the Service Manager Clients and the Service Manager Server RTE is being enforced, however, TLS 1.2 is not being honored. Instead logs indicate that TLS 1.1 is being used.

This is specific to IBM Java. Service Manager uses the standard parameter from Oracle Java to enforce TLS v1.2, but IBM needs an additional parameter: com.ibm.jsse2.overrideDefaultTLS=true.

This can be set in the sm.ini file using the following steps. com.ibm.jsse2.overrideDefaultTLS=true

1. Edit the sm.ini
2. Add this parameter:
a. JVMOption3: -Dcom.ibm.jsse2.overrideDefaultTLS=true
i. (The Option number can changed based on the amount of JVMOptions already existing in the sm.ini file. Example: 0, 1 & 2
3. Save the ini
4. Stop and restart Service Manager

Tags: