SSL panel

The SSL panel contains individual configurations of SSL. When you set SSL Enabled to Yes on the Administration > Security panel, you can select these individual configurations to be part of the SSL enablement.

You can create your own configurations or use the ones provided:

Each configuration has the following properties:
Name
Name for this configuration.
Access
The access group that defines which users can edit or delete this keystore.
Type
Select JSSE or OpenSSL.
Client Authentication
Select one of the following:
  • Never
  • Supported
  • Required
Server Certificate Alias
Enter the alias for the server certificate.
Client Certificate Alias
Enter the alias for the client certificate.
Keystore Configuration
Select one of the Keystore configurations. They are configured on the Keystore panel.
Truststore Configuration
Select one of the Truststore configurations. They are configured on the Keystore panel.
Handshake Protocol
Select one of the following:
  • SSLv2
  • SSLv3
  • SSL
  • TLSv1
  • TLS
  • SSL_TLS - Not available for Default OpenSSL Inbound SSL and Default OpenSSL Outbound SSL
  • TLSv1_1
  • TLSv1_2
Note:
The following information applies to the TLSv1_1 and TLSv1_2 properties for the handshake protocol:
  • To enable TLSv1.1 or TLSv1.2, select all configurations ( Default JSSE Inbound SSL, Default JSSE Outbound SSL, Default OpenSSL Inbound SSL, Default OpenSSL Outbound SSL).
  • If LDAP is enabled and LDAP Outbound uses Default JSSE Outbound SSL, copy a Default JSSE Outbound SSL before changing the protocol to TLSv1_1 or TLSv1_2. Then LDAP uses the copied configuration.
  • TLSv1_1 and TLSv1_2 are only supported between the BFagent and the Java engine, the Java API and the Service Layer, and the Perl API and the Service Layer. Therefore, when TLSv1_1 or TLSv1_2 is enabled, the Perl engine cannot connect to the server if TLSv1.1 or TLSv1.2 is enabled on the server.
  • TLSv1_1 and TLSv1_2 are supported only with JDK 1.7. Therefore, when you deploy the Build Forge .war file on WebSphere® Application Server, which still uses JDK versions below 1.7, TLSv1.1 and TLSv1.2 are not supported.
  • The BFagent adds TLSv1.1 and TLSv1.2 support in Rational® Build Forge® 8.0.0.1. Therefore, when selecting TLSv1_1 or TLSv1_2 on the SSL page and the server's SSL Enabled property is set to Yes, make sure that the version of the agent is equal to or higher than version 8.0.0.1.
Cipher Suite Group
One of High, Medium, Low, or All. Higher order ciphers are more secure, but entail slower performance.
Cipher Override List

Feedback