Configuring WebSphere Application Server for the Suite B security standard
You can configure WebSphere® Application Server to use the new Suite B security standard.
Before you begin
About this task
The National Security Agency (NSA) created a cryptographic interoperability strategy called Suite B. It places specific requirements on the National Institute of Standards and Technology (NIST) SP800-131 standard.
Suite B requirements:
- SSL configuration must use the TLSv1.2 protocol.
- The com.ibm.jsse.suiteb system property must be set to 128 or 192.
- Certificates running in 128-bit mode must be created with the SHA256withECDSA signature algorithm. Certificates running in 192-bit mode must be created with the SHA384withECDSA signature algorithm.
  Note: To run in 192-bit mode, the unrestricted policy files must be in place on the JDK.
- Suite B approved cipher suites must be used.
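An added example, not IBM's code: a small Python audit that checks already-collected settings against the four requirements above and reports each mismatch. The function name, input shape and sample values are constructed for illustration, and the cipher suite names are an assumption taken from RFC 6460 because this page does not list them.

```python
import re

# Signature algorithms come from the requirements list above. The cipher
# suite names are an assumption (RFC 6460); this page does not list them.
SIG_ALG = {"128": "SHA256withECDSA", "192": "SHA384withECDSA"}
CIPHERS = {
    "128": {"ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            "ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
    "192": {"ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"},
}
PROP = re.compile(r"-Dcom\.ibm\.jsse\.suiteb=(\S+)")


def check_suite_b(jvm_args, protocol, cert_sig_algs, cipher_suites):
    """Return a list of findings; an empty list means no violation found."""
    match = PROP.search(jvm_args)
    mode = match.group(1) if match else None
    if mode not in SIG_ALG:
        # The remaining checks depend on the mode, so stop here.
        return ["com.ibm.jsse.suiteb must be 128 or 192, found %r" % mode]
    findings = []
    if protocol != "TLSv1.2":
        findings.append("protocol is %s, expected TLSv1.2" % protocol)
    for alias, alg in sorted(cert_sig_algs.items()):
        if alg.lower() != SIG_ALG[mode].lower():
            findings.append("certificate %s signed with %s, expected %s"
                            % (alias, alg, SIG_ALG[mode]))
    for suite in cipher_suites:
        # A provider may report an SSL_ or TLS_ prefix; compare without it.
        if re.sub(r"^(SSL|TLS)_", "", suite) not in CIPHERS[mode]:
            findings.append("cipher suite %s not allowed in %s-bit mode"
                            % (suite, mode))
    return findings


# Constructed sample: a server switched to 192-bit mode whose default
# certificate and cipher list were left at their 128-bit values.
SAMPLE = dict(
    jvm_args="-Xmx512m -Dcom.ibm.jsse.suiteb=192",
    protocol="TLSv1.2",
    cert_sig_algs={"default": "SHA256withECDSA", "root": "SHA384withECDSA"},
    cipher_suites=["SSL_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
                   "SSL_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384"],
)

if __name__ == "__main__":
    for line in check_suite_b(**SAMPLE):
        print("FAIL:", line)
```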
To configure the server for the Suite B standard:
Procedure
What to do next
The Suite B standard requires that the SSL connection use the TLSv1.2 protocol. Before a browser can access the administrative console or an application, the browser must support the TLSv1.2 protocol and be configured to use it.
Manually sync the nodes with syncNode, and start the node agents and servers. To use syncNode, you might need to update the ssl.client.props file to communicate with the deployment manager.