Configuring TLS v1.2 encryption

You can configure your connections to enable Transport Layer Security v1.2 encryption for your connections.

Procedure

  1. Modify the JVM options in the client side eclipse.ini file.
    1. Close the development workbench if it is open.
    2. Find the eclipse.ini file for your installation. The eclipse.ini file is located in root of the product install directory. For example, if you installed the product to C:\Program Files\IBM\SDP, the file would be located at C:\Program Files\IBM\SDP\eclipse.ini.
    3. Add the -DDSTORE_SSL_ALGORITHM=TLSv1.2 JVM option to eclipse.ini. Open eclipse.ini in an editor and add the option. This example eclipse.ini source shows the option on the second last line:
      -vm
      C:\Program Files\IBM\SDP\jdk\jre\bin\javaw.exe
      -startup
      plugins/org.eclipse.equinox.launcher_1.3.0.v20120522-1813.jar
      --launcher.library
      plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.200.v20120913-144807
      -install
      C:/Program Files/IBM/SDP
      -vmargs
      -Xquickstart
      -Xms100m
      -Xmx1024m
      -Xmnx64m
      -Xgcpolicy:gencon
      -Xscmx96m
      -Xshareclasses:name=IBMSDP_%u
      -XX:MaxPermSize=512M
      -Xcompressedrefs
      -Dcom.ibm.ws.management.event.max_polling_interval=1000
      -DDSTORE_SSL_ALGORITHM=TLSv1.2
      -Xss2m
    4. Save the file.
  2. Modify the JVM options in the server side runserver.sh script.
    1. Find the runserver.sh script on your server. The runserver.sh script is located in the /opt/IBM/RDAIXLinux/<product_version>/rse/ directory on your server. For example, for version 9.0, you will find it at /opt/IBM/RDAIXLinux/9.0/rse/runserver.sh.
    2. Locate the section of the script where the Java™ executable is called. The section will look similar to this sample:
      if [ $# -gt 4 ]; then
              $javaExe -Xgcpolicy:gencon -Xms64m -Xmx128m -Xss2m -cp $classpath -DA_PLUGIN_PATH=$pathIN -DDSTORE_SPIRIT_ON=$SPIRIT_ON -DDSTORE_MEMLOGGING_ON=$MEMLOGGING_ON -DDSTORE_TRACING_ON=$TRACE_ON org.eclipse.dstore.core.server.Server $portIN $timeoutIN $ticketIN
      elif  [ $# -gt 3 ]; then
              $javaExe -Xgcpolicy:gencon -Xms64m -Xmx128m -Xss2m -cp $classpath -DA_PLUGIN_PATH=$pathIN -DDSTORE_SPIRIT_ON=$SPIRIT_ON -DDSTORE_MEMLOGGING_ON=$MEMLOGGING_ON -DDSTORE_TRACING_ON=$TRACE_ON org.eclipse.dstore.core.server.Server $portIN $timeoutIN
      fi
    3. Add the -DDSTORE_SSL_ALGORITHM=TLSv1.2 JVM option to runserver.sh. After you add the option, runserver.sh will look similar to this sample.
      if [ $# -gt 4 ]; then
              $javaExe -Xgcpolicy:gencon -Xms64m -Xmx128m -Xss2m -cp $classpath -DDSTORE_SSL_ALGORITHM=TLSv1.2 -DA_PLUGIN_PATH=$pathIN -DDSTORE_SPIRIT_ON=$SPIRIT_ON -DDSTORE_MEMLOGGING_ON=$MEMLOGGING_ON -DDSTORE_TRACING_ON=$TRACE_ON org.eclipse.dstore.core.server.Server $portIN $timeoutIN $ticketIN
      elif  [ $# -gt 3 ]; then
              $javaExe -Xgcpolicy:gencon -Xms64m -Xmx128m -Xss2m -cp $classpath -DDSTORE_SSL_ALGORITHM=TLSv1.2 -DA_PLUGIN_PATH=$pathIN -DDSTORE_SPIRIT_ON=$SPIRIT_ON -DDSTORE_MEMLOGGING_ON=$MEMLOGGING_ON -DDSTORE_TRACING_ON=$TRACE_ON org.eclipse.dstore.core.server.Server $portIN $timeoutIN
      fi
    4. Save the script.
  3. Modify the JVM options in the server side daemon.pl script.
    1. Find the daemon.pl script on your server. The daemon.pl script is located in the /opt/IBM/RDAIXLinux/<product_version>/rse/ directory on your server. For example, for version 9.0, you will find it at /opt/IBM/RDAIXLinux/9.0/rse/daemon.pl.
    2. Locate the section of the script where the Java executable is called. The section will look similar to this sample:
      if (defined($ARGV[1]))
      {
      	exec("$javaExe -Xms64m -Xmx128m -Xss2m -DA_PLUGIN_PATH=\$A_PLUGIN_PATH -DDSTORE_TRACING_ON=$trace org.eclipse.dstore.core.server.ServerLauncher $port $ARGV[1]");
      }
      else
      {
          exec("$javaExe -Xms64m -Xmx128m -Xss2m -DA_PLUGIN_PATH=\$A_PLUGIN_PATH -DDSTORE_TRACING_ON=$trace org.eclipse.dstore.core.server.ServerLauncher $port");
      }
    3. Add the -DDSTORE_SSL_ALGORITHM=TLSv1.2 JVM option to daemon.pl. After you add the option, daemon.pl will look similar to this sample.
      if (defined($ARGV[1]))
      {
      	exec("$javaExe -Xms64m -Xmx128m -Xss2m -DDSTORE_SSL_ALGORITHM=TLSv1.2 -DA_PLUGIN_PATH=\$A_PLUGIN_PATH -DDSTORE_TRACING_ON=$trace org.eclipse.dstore.core.server.ServerLauncher $port $ARGV[1]");
      }
      else
      {
          exec("$javaExe -Xms64m -Xmx128m -Xss2m -DDSTORE_SSL_ALGORITHM=TLSv1.2 -DA_PLUGIN_PATH=\$A_PLUGIN_PATH -DDSTORE_TRACING_ON=$trace org.eclipse.dstore.core.server.ServerLauncher $port");
      }
    4. Save the script.
  4. Restart the server. For information about starting the server manually, see Connecting to a remote AIX server.
  5. Restart the development workbench.

Feedback