The SSL panel contains individual configurations of SSL. When you set SSL Enabled to Yes on the panel, you can select these individual configurations to be part of the SSL enablement.
You can create your own configurations or use the ones provided:
- Default JSSE Inbound SSL
- Default JSSE Outbound SSL
- Default OpenSSL Inbound SSL
- Default OpenSSL Outbound SSL
Each configuration has the following properties:
- Name
  - Name for this configuration.
- Access
  - The access group that defines which users can edit or delete this keystore.
- Type
  - Select JSSE or OpenSSL.
- Client Authentication
  - Select one of the following:
- Server Certificate Alias
  - Enter the alias for the server certificate.
- Client Certificate Alias
  - Enter the alias for the client certificate.
- Keystore Configuration
  - Select one of the Keystore configurations. They are configured on the Keystore panel.
- Truststore Configuration
  - Select one of the Truststore configurations. They are configured on the Keystore panel.
- Handshake Protocol
  - Select one of the following:
    - SSLv2
    - SSLv3
    - SSL
    - TLSv1
    - TLS
    - SSL_TLS - Not available for Default OpenSSL Inbound SSL and Default OpenSSL Outbound SSL
    - TLSv1_1
    - TLSv1_2
  - Note: The following information applies to the TLSv1_1 and TLSv1_2 properties for the handshake protocol:
    - To enable TLSv1.1 or TLSv1.2, select all configurations (Default JSSE Inbound SSL, Default JSSE Outbound SSL, Default OpenSSL Inbound SSL, Default OpenSSL Outbound SSL).
    - If LDAP is enabled and LDAP Outbound uses Default JSSE Outbound SSL, copy the Default JSSE Outbound SSL configuration before changing the protocol to TLSv1_1 or TLSv1_2. Then LDAP uses the copied configuration.
    - TLSv1_1 and TLSv1_2 are only supported between the BFagent and the Java engine, the Java API and the Service Layer, and the Perl API and the Service Layer. Therefore, the Perl engine cannot connect to the server when TLSv1.1 or TLSv1.2 is enabled on the server.
    - TLSv1_1 and TLSv1_2 are supported only with JDK 1.7. Therefore, when you deploy the Build Forge .war file on WebSphere® Application Server, which still uses JDK versions below 1.7, TLSv1.1 and TLSv1.2 are not supported.
    - The BFagent adds TLSv1.1 and TLSv1.2 support in Rational® Build Forge® 8.0.0.1. Therefore, when you select TLSv1_1 or TLSv1_2 on the SSL page and the server's SSL Enabled property is set to Yes, make sure that the version of the agent is equal to or higher than version 8.0.0.1.
- Cipher Suite Group
  - One of High, Medium, Low, or All. Higher order ciphers are more secure, but entail slower performance.
- Cipher Override List
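
The JDK dependency described in the Handshake Protocol note can be checked on the JVM that hosts the Build Forge Java components before TLSv1_1 or TLSv1_2 is selected. The following is an added example, not part of the Build Forge product or its documentation; the class name `TlsSupportCheck` is hypothetical, and it assumes that the panel values TLSv1_1 and TLSv1_2 correspond to the JSSE protocol names `TLSv1.1` and `TLSv1.2`.

```java
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import java.util.List;
import javax.net.ssl.SSLContext;

// Added example (hypothetical class): reports whether this JVM's JSSE
// provider offers TLSv1.1 and TLSv1.2. It avoids Java 7+ syntax so that
// it also compiles on the older JDKs it is meant to check.
public class TlsSupportCheck {

    // Assumed JSSE names for the panel's TLSv1_1 and TLSv1_2 values.
    static final String[] WANTED = { "TLSv1.1", "TLSv1.2" };

    // True if the runtime can create an SSLContext for the protocol name.
    static boolean contextAvailable(String protocol) {
        try {
            SSLContext.getInstance(protocol);
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    public static void main(String[] args) throws Exception {
        SSLContext ctx = SSLContext.getDefault();
        // Protocols the provider can negotiate at all.
        List<String> supported =
            Arrays.asList(ctx.getSupportedSSLParameters().getProtocols());
        // Protocols switched on by default for the default SSLContext.
        List<String> enabled =
            Arrays.asList(ctx.getDefaultSSLParameters().getProtocols());

        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.vendor  = " + System.getProperty("java.vendor"));
        System.out.println("supported    = " + supported);
        System.out.println("default-on   = " + enabled);

        boolean ok = true;
        for (int i = 0; i < WANTED.length; i++) {
            String p = WANTED[i];
            boolean usable = supported.contains(p) && contextAvailable(p);
            System.out.println(p + ": usable=" + usable
                + " enabledByDefault=" + enabled.contains(p));
            ok = ok && usable;
        }
        // Non-zero exit status: at least one wanted protocol is unavailable.
        System.exit(ok ? 0 : 1);
    }
}
```

Compile and run it with the `javac` and `java` binaries of the application server's own JDK, because the result describes only the runtime that executes it.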