IBM WebSphere - Configure SSL TLS authentication, protocol, providers, and ciphers (QoP)

by Jeremy Canfield | Updated: April 19 2022 | IBM WebSphere articles
- In the WebSphere admin console, expand Security and select SSL certificate and key management.
- Select SSL configurations.
- Select one of the SSL configurations, such as CellDefaultSSLSettings.
- On the right side of the page, select Quality of protection (QoP) settings.
By default, client authentication will be set to None and the Protocol will be SSL_TLSv2.
By default, the JSSE (Java Secure Sockets Extension) provider will be set to IBMJSSE2.
There will be a number of ciphers that can be used. Ciphers can be added or removed from the cell or node.
These settings should also be defined in the security.xml file (e.g. /opt/WebSphere/AppServer/profiles/your_profile/config/cells/your_cell/security.xml).
<repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
  <setting xmi:id="SecureSocketLayer_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLSv2" keyStore="KeyStore_1" trustStore="KeyStore_2" trustManager="TrustManager_2" keyManager="KeyManager_1">
    <properties xmi:id="Property_1444451469965" name="com.ibm.ssl.changed" value="3"/>
  </setting>
</repertoire>
You will probably also want to update the com.ibm.ssl.protocol value in the ${WAS_INSTALL_ROOT}/profiles/your_profile/properties/ssl.client.props file so that it matches the protocol set in the SSL configuration.
com.ibm.ssl.protocol=SSL_TLSv2
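A read-only consistency check for the two files discussed above, added here as an example and not code from the original article or from IBM: it lists the QoP attributes of each SSL configuration in security.xml and reports when com.ibm.ssl.protocol in ssl.client.props differs from the chosen configuration's sslProtocol. The `<config>` wrapper, the ExampleSSLSettings entry, the props content and all function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's <repertoire> (child <properties> omitted) and a made-up
# ExampleSSLSettings entry, inside a made-up <config> wrapper that binds the xmi: prefix.
SECURITY_XML = """<config xmlns:xmi="http://www.omg.org/XMI">
<repertoire xmi:id="SSLConfig_1" alias="CellDefaultSSLSettings" managementScope="ManagementScope_1">
<setting xmi:id="SecureSocketLayer_1" clientAuthentication="false" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="SSL_TLSv2"/>
</repertoire>
<repertoire xmi:id="SSLConfig_2" alias="ExampleSSLSettings" managementScope="ManagementScope_1">
<setting xmi:id="SecureSocketLayer_2" clientAuthentication="true" securityLevel="HIGH" enabledCiphers="" jsseProvider="IBMJSSE2" sslProtocol="TLSv1.2"/>
</repertoire>
</config>"""
# Constructed ssl.client.props content; only the key name comes from the page.
CLIENT_PROPS = "# constructed sample\ncom.ibm.ssl.protocol = SSL_TLS\n"
KEYS = ("sslProtocol", "clientAuthentication", "securityLevel", "enabledCiphers", "jsseProvider")

def read_ssl_settings(xml_text):
    """Map each SSL configuration alias to the QoP attributes of its <setting>."""
    out = {}
    for rep in ET.fromstring(xml_text).iter("repertoire"):
        setting = rep.find("setting")
        if setting is not None:
            out[rep.get("alias")] = {k: setting.get(k) for k in KEYS}
    return out

def read_client_protocols(props_text):
    """Every com.ibm.ssl.protocol value; commented-out lines never match the key."""
    values = []
    for line in props_text.splitlines():
        key, sep, value = line.partition("=")  # only the key=value form is handled
        if sep and key.strip() == "com.ibm.ssl.protocol":
            values.append(value.strip())
    return values

def protocol_mismatches(xml_text, props_text, alias="CellDefaultSSLSettings"):
    """Describe each difference between the client protocol and the alias's sslProtocol."""
    settings = read_ssl_settings(xml_text)
    if alias not in settings:
        return [f"{alias}: not found in security.xml"]
    server = settings[alias]["sslProtocol"]
    clients = read_client_protocols(props_text)
    if not clients:
        return [f"com.ibm.ssl.protocol is not set; {alias} uses {server}"]
    return [f"com.ibm.ssl.protocol={c} does not match {alias} sslProtocol={server}"
            for c in clients if c != server]

if __name__ == "__main__":
    print(read_ssl_settings(SECURITY_XML), protocol_mismatches(SECURITY_XML, CLIENT_PROPS), sep="\n")
```

To check a real profile, pass the text of its security.xml and ssl.client.props to `protocol_mismatches`; an empty list means the two protocol values agree.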