Release : 18.0.12
Component : CA Endevor Software Change Manager
Endevot Tomcat is configired to use TLS1.2 only:
<Connector port="XXXX" protocol="HTTP/1.1" SSLEnabled="true"
maxThreads="150" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS"
sslEnabledProtocols="TLSv1.2"
keystoreType="JCERACFKS"
keystoreFile="safkeyring://keyringowner/keyring"
sslImplementationName="com.ca.sslsocket.CASSLImplementation" />
IDz start up command:
C:\Users\xxxxxxx\IBM\SDPV14.1.7\eclipse.exe -product com.ibm.rational.developer.systemz.product.ide -vmargs -DrdzCryptoProviderClass=com.ibm.security.capi.IBMCAC -Djavax.net.ssl.trustStoreprovider=IBMCAC -Djavax.net.ssl.trustStoreType=Windows-ROOT
This command use IBM security provider (IBMCAC) and somehow cause JVM/JSSEs default setting to TLS1.0.
Option 1:
Add vm paramter -Dhttps.protocols=TLSv1.2 and remove the -Djavax.net.ssl.trustStoreprovider=IBMCAC from IDz start up command:
C:\Users\xxxxxxx\IBM\SDPV14.1.7\eclipse.exe -product com.ibm.rational.developer.systemz.product.ide -vmargs -DrdzCryptoProviderClass=com.ibm.security.capi.IBMCAC -Djavax.net.ssl.trustStoreType=Windows-ROOT -Dhttps.protocols=TLSv1.2
Option 2:
Add paramter --launcher.appendVmargs before -vmargs parameter in IDz start up, and modify eclipse.ini (remove
-Djavax.net.ssl.trustStoreprovider=IBMCAC, add -Dhttps.protocols=TLSv1.2)
sample eclipse.ini:
-vm
jdk/jre/bin/j9vm/jvm.dll
-startup
plugins/org.eclipse.equinox.launcher_1.3.201.v20161025-1711.jar
--launcher.library
plugins/org.eclipse.equinox.launcher.win32.win32.x86_64_1.1.401.v20161122-1740
--launcher.appendVmargs
-install
C:/Program Files/CA/DEz
-vmargs
-Dhttps.protocols=TLSv1.2
-Djavax.net.debug=all
-Djavax.net.ssl.trustStoreType=Windows-MY
-DrdzCryptoProviderClass=com.ibm.security.capi.IBMCAC
-Xquickstart
-Xms40m
-Xmx1024m
-Xmnx64m
-Xgcpolicy:xxxxxx
-Xscmx96m
-Xshareclasses:name=IBMSDP_%u
-Xcompressedrefs