Flashes (Alerts)
Abstract
Later browser versions require that a web server offer SSL protocol TLSv1.2 or it will not connect. Dynamic Workload Console (DWC) version 9.4.x is configured to offer protocol TLSv1 by default.
Content
If the Dynamic Workload Console does not offer ssl protocol TLSv1.2, then Chrome 98 will return the following upon browsing to the DWC URL:
To allow DWC to offer protocol TLSv1.2, the sslProtocol parameter within JazzSM's security.xml needs to be changed from SSL_TLS to SSL_TLSv2.
Steps on the server hosting DWC involve adding two characters to security.xml and restarting JazzSM:
1.) Login as root (or an Administrator if Windows)
2.) Change directory to: <InstallDir>/JazzSM/profile/config/cells/JazzSMNode01Cell
3.) Create a copy of security.xml:
# cp -p security.xml security.xml.SSL_TLS
To allow DWC to offer protocol TLSv1.2, the sslProtocol parameter within JazzSM's security.xml needs to be changed from SSL_TLS to SSL_TLSv2.
Steps on the server hosting DWC involve adding two characters to security.xml and restarting JazzSM:
1.) Login as root (or an Administrator if Windows)
2.) Change directory to: <InstallDir>/JazzSM/profile/config/cells/JazzSMNode01Cell
3.) Create a copy of security.xml:
# cp -p security.xml security.xml.SSL_TLS
4.) Modify security.xml:
CHANGE the line with sslProtocol="SSL_TLS":
FROM:
<setting xmi:id="SecureSocketLayer_JazzSMNode01_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLS" keyStore="KeyStore_JazzSMNode01_1" trustStore="KeyStore_JazzSMNode01_2" trustManager="TrustManager_JazzSMNode01_2" keyManager="KeyManager_JazzSMNode01_1">
TO:
CHANGE the line with sslProtocol="SSL_TLS":
FROM:
<setting xmi:id="SecureSocketLayer_JazzSMNode01_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLS" keyStore="KeyStore_JazzSMNode01_1" trustStore="KeyStore_JazzSMNode01_2" trustManager="TrustManager_JazzSMNode01_2" keyManager="KeyManager_JazzSMNode01_1">
TO:
<setting xmi:id="SecureSocketLayer_JazzSMNode01_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLSv2" keyStore="KeyStore_JazzSMNode01_1" trustStore="KeyStore_JazzSMNode01_2" trustManager="TrustManager_JazzSMNode01_2" keyManager="KeyManager_JazzSMNode01_1">
5.) Restart JazzSM as root:
# cd <InstallDir>/JazzSM/profile/bin
# ./stopServer.sh server1
# ./startServer.sh server1
*Notes:
sslProtocol="SSL_TLS" offers only one protocol: TLSv1.
sslProtocol="SSL_TLSv2" offers three protocols: TLSv1, TLSv1.1, TLSv1.2.
Offering the TLSv1.2 protocol will satisfy the browser requirements.
Offering the TLSv1 protocol will allow connection to the Engine to remain the same.
There is not need to modify the Master's sslProtocol setting.
# cd <InstallDir>/JazzSM/profile/bin
# ./stopServer.sh server1
# ./startServer.sh server1
*Notes:
sslProtocol="SSL_TLS" offers only one protocol: TLSv1.
sslProtocol="SSL_TLSv2" offers three protocols: TLSv1, TLSv1.1, TLSv1.2.
Offering the TLSv1.2 protocol will satisfy the browser requirements.
Offering the TLSv1 protocol will allow connection to the Engine to remain the same.
There is not need to modify the Master's sslProtocol setting.
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB45","label":"Automation"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSGSPN","label":"IBM Workload Scheduler"},"ARM Category":[{"code":"a8m50000000KzAMAA0","label":"Components-\u003EDWC"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"9.4.0"}]
Was this topic helpful?
Document Information
Modified date:
10 February 2022
UID
ibm16555152