Configuring Apache Tomcat to support TLS 1.2

To comply with the US government SP 800-131 security standard, you can configure the Apache Tomcat server that hosts Rational® Engineering Lifecycle Manager to enable the Transport Layer Security (TLS) 1.2 protocol.

Procedure

  1. Go to JazzInstallDir/server and open the server.startup file for editing.
  2. In the file, find the section that starts with set JAVA_OPTS=%JAVA_OPTS% on Windows platforms or JAVA_OPTS="$JAVA_OPT on UNIX systems, and add the following lines:
    -Djazz.connector.sslProtocol=TLSv1.2
    -Dcom.ibm.team.repository.transport.client.protocol=TLSv1.2
    -Dcom.ibm.jsse2.sp800-131=strict
    -Dcom.ibm.rational.rpe.tls12only=true
  3. Replace -Djazz.connector.sslProtocol=SSL_TLS with -Djazz.connector.sslProtocol=TLSv1.2
  4. Save and close the file.

Feedback