IBM Support

Confirming whether TLSv1 and TLS_v1.1 are disabled

Question & Answer


Question

How can I confirm that TLSv1 and TLS_v1.1 are disabled for the IBM Storage Insights Data Collector?

Cause

Because of known security vulnerabilities with TLSv1 and TLSv1.1, they are disabled by default.  However, they could be enabled by following steps from the IBM Documentation, making it necessary to be able to confirm the configuration.

Answer

Do the following on the host where the data collector service is installed:
1.  Open java.security and make sure it includes TLSv1 and TLSv1.1 in the following line, which is the default Disabled configuration.
jdk.tls.disabledAlgorithms=MD5withRSA, DH keySize < 1024, TLSv1, TLSv1.1, EC keySize < 224, anon, NULL
  • On Windows, go to Data Collector Installation\jre\lib\security.
  • On AIX or Linux, go to Data Collector Installation/jre/lib/security.
2.  Go to Data Collector installation, open conf folder, and make sure setup.properties does not explicitly call out another location for the security.java file with dcJVMArgs or epJvmArgs.

Example:
dcJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
epJvmArgs=-Djava.security.properties=C:\\copiedlocationfolderpath\\java.security file
If either of those entries exists, it is likely that the older protocols were previously enabled.  Check the java.security file at the specified location to confirm whether TLSv1 and TLSv1.1 are disabled. If these variables are removed from the setup.properties file, the java.security file in the location from step 1 is used.

3.  If any updates are made, restart the IBM Storage Insights Data Collector service to pick up the changes.

[{"Type":"MASTER","Line of Business":{"code":"LOB26","label":"Storage"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SSQRB8","label":"IBM Storage Insights"},"ARM Category":[{"code":"a8m3p000000hBFuAAM","label":"Security"}],"ARM Case Number":"TS009207342","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
02 May 2022

UID

ibm16579217

Page Feedback