Bootstrap FreeKB - IBM WebSphere - Resolve "The runtime has at least one SSL configuration that is enabled with SSL_TLSv2"
IBM WebSphere - Resolve "The runtime has at least one SSL configuration that is enabled with SSL_TLSv2"

Updated:   |  IBM WebSphere articles

Let's say the following is in the HPEL or SystemOut log when attempting to start your WebSphere network deployment manager (dmgr), node, or application server.

The runtime has at least one SSL configuration that is enabled with SSL_TLSv2 which includes TLSv1 and TLSv1.1.
The TLSv1 and TLSv1.1 protocols are considered weak and are disabled at some time in the future.
If TLSv1 and TLSv1.1 are not needed, then follow the instructions at https://www.ibm.com/support/pages/node/1077951 to enable a stronger protocol.
If TLSv1 and TLSv1.1 are needed, then make sure they are enabled on java security property jdk.tls.disabledAlgorithms or the security custom property com.ibm.websphere.jdk.tls.disabledAlgorithms.
SSL configurations that use SSL_TLSv2 protocols include: [CellDefaultSSLSettings((cell):ExampleCell01), NodeDefaultSSLSettings((cell):ExampleCell01:(node):ExampleNode01)]

 

Notice in this example that the CellDefaultSSLSettings and NodeDefaultSSLSettings are listed as the SSL configuration that have TLSv1 and TLSv1.1 enabled. In this example, in the WebSphere admin console, at Security SSL certificate ane key management > SSL configuration CellDefaultSSLSettings > Quality of protection (QoP) settings, you should see that protocol SSL_TLSv2 is selected. 

 

This could be resolved by setting the protocol to TLSv1.2 or TLSv1.2, or setting the custom protocol list to include both TLSv1.2 and TLSv1.3.

 




Did you find this article helpful?

If so, consider buying me a coffee over at Buy Me A Coffee



Comments


Add a Comment


Please enter cab2f7 in the box below so that we can be sure you are a human.