How to disable TLSv1 and TLSv1.1 on all DevTest Servers and your Workstation.
TLSv1 and TLSv1.1 need to be disabled due to a vulnerability with DevTest.
TLSv1.2 should be set for DevTest.
All supported DevTest releases and platforms.
N/A
To disable TLSv1 on IAM and set it to TLSv1.2:
Edit the standalone.xml file located in the IAM_HOME/standalone/configuration folder.
There are two places to make this change in the file:
1)
<security-realm name="ApplicationRealm">
<server-identities>
<ssl>
<keystore path="${iam.keystore}" keystore-password="${iam.keystore.password}"/>
</ssl>
</server-identities>
2)
<security-realm name="iamRealm">
<server-identities>
<ssl>
<keystore path="${iam.keystore}" keystore-password="${iam.keystore.password}"/>
</ssl>
</server-identities>
Change both to
Save the file and restart IAM.
To disable TLSv1 on all servers, do this on each DevTest server and each Workstation:
1. Edit the DevTest Home/jre/lib/security/java.security file.
2. Find the line similar to the following (about line 625).
Change from:
jdk.tls.disabledAlgorithms=SSLv3, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
Change to:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
This disables TLSv1.0.
Or change to:
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, \
EC keySize < 224, 3DES_EDE_CBC, anon, NULL
This disables TLSv1.0 and TLSv1.1.
If on DevTest 10.6.0 and earlier, add this property to the local.properties file on every Server and Workstation:
https.protocols=TLSv1.2
If on DevTest 10.7.0 and later, the above property is set by default in the lisa.properties file.
You will have to restart all the DevTest components.
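To confirm the java.security edit on a given Server or Workstation, the following added example (not part of the original article or of DevTest) parses the file, joins the backslash-continued line, and reports whether TLSv1 and TLSv1.1 appear as exact entries in jdk.tls.disabledAlgorithms. The function names and the sample text are constructed for illustration, and the properties parsing is a simplified assumption.

```python
import sys

# Constructed sample: the "TLSv1 only" form of the setting shown in the article.
SAMPLE = """\
# constructed java.security fragment
jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \\
    EC keySize < 224, 3DES_EDE_CBC, anon, NULL
"""

def read_property(text, key):
    """Return the value of `key` from java.security-style text, or None.

    Simplified properties parsing (assumption): '#'/'!' comment lines,
    key=value pairs, a trailing backslash continues the line, and the
    last definition of a key wins.
    """
    value, pending = None, ""
    for raw in text.splitlines():
        line = raw.lstrip()
        if not pending and (not line.strip() or line[0] in "#!"):
            continue
        if line.endswith("\\"):       # continuation: keep collecting
            pending += line[:-1]
            continue
        logical, pending = pending + line, ""
        name, sep, rest = logical.partition("=")
        if sep and name.strip() == key:
            value = rest.strip()
    return value

def disabled_protocols(text):
    """Map each legacy protocol to True if it is listed as disabled."""
    value = read_property(text, "jdk.tls.disabledAlgorithms") or ""
    # Exact-token match: "TLSv1.1" must not be mistaken for "TLSv1".
    tokens = {t.strip() for t in value.split(",")}
    return {p: p in tokens for p in ("TLSv1", "TLSv1.1")}

if __name__ == "__main__":
    # Pass the path to a java.security file, or run with no argument for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    result = disabled_protocols(text)
    for proto, off in result.items():
        print(f"{proto}: {'disabled' if off else 'STILL ENABLED'}")
    sys.exit(0 if all(result.values()) else 1)
```

Run it with the path to java.security as the only argument; the exit status is non-zero if either protocol is still enabled, so it can be used in a post-change check on each machine.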