HPSM: How to establish SSL TLSv1.2 connectivity in a Service Manager Linux environment

  • KM03770631
  • 07-Jan-2021
  • 07-Jan-2021

Summary

This document details how to establish TLSv1.2 in Service Manager for any integration with third-party tools or products, especially on a Linux installation.

Question

This document details how to establish SSL TLSv1.2 in HP Service Manager installed on Linux.

Answer

 
 
The Service Manager server uses Java to securely manage and connect incoming client requests that use TLS and SSL protocols.
In this scenario, the Service Manager server is acting as a TLS/SSL server. As of Service Manager 9.41, the Service Manager server uses TLS 1.2 by default (TLS 1.0 and TLS 1.1 are also supported).
 
To enforce the TLS 1.2 protocol, configure the following parameter in the sm.ini file:
 
sslProtocols:TLSv1.2 (which supports 256 bit higher cipher suites)
 
The above configuration works well in a Windows environment. However, in a Linux environment it still does not support the SSL TLSv1.2 256-bit higher cipher suites.
 
Reason
 
On Linux, unlike on the Windows platform, a pre-packaged JRE is not shipped with SM. This means the customer is responsible for installing the Java JRE that is used by the SM Server RTE.
 

If the customer is on an old version of Java, the JCE unlimited export policy files must be installed manually in order to be activated in the JRE.

Newer versions of Java include the unlimited export policy files and are activated by default.

 

Solution 

 

1. If the customer has Service Manager installed on Linux, check which Java vendor provides the target of the symbolic link for the RUN/jre folder.
    It will be either Oracle or OpenJDK.
 
    Once determined, follow the vendor's instructions for downloading and enabling the JCE Unlimited Strength Policy files.
    The SM Server will need to be stopped to complete this action.
    Once completed, start the SM Server and check whether the issue is resolved.
 
 
2. Upgrade the SM RTE to 9.64 or higher, since these versions support versions of the JRE that include the JCE Unlimited Strength Policy files.
    Once completed, start the SM Server and check whether the issue is resolved.
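
One way to confirm which JRE is in use and whether the unlimited policy is actually in effect is the small Java check below. It is an added example, not part of the original article or of Service Manager; the class name JcePolicyCheck is hypothetical, and it uses only standard JCE/JSSE calls.

```java
import javax.crypto.Cipher;
import javax.net.ssl.SSLContext;
import java.util.ArrayList;
import java.util.List;

// Added example: run it with the same JRE that the RUN/jre link resolves to.
public class JcePolicyCheck {

    // True when the JCE policy in effect allows AES keys longer than 128 bits.
    // With the limited policy the maximum for AES is 128; with the unlimited
    // policy the JRE reports Integer.MAX_VALUE.
    static boolean unlimitedPolicy() throws Exception {
        return Cipher.getMaxAllowedKeyLength("AES") > 128;
    }

    // TLSv1.2 cipher suites this JRE reports as supported that use 256-bit AES.
    static List<String> aes256Suites() throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(null, null, null); // default key managers, trust managers, RNG
        List<String> out = new ArrayList<>();
        for (String suite : ctx.getSupportedSSLParameters().getCipherSuites()) {
            if (suite.contains("AES_256")) {
                out.add(suite);
            }
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Vendor and location answer the "Oracle or OpenJDK" question in step 1.
        System.out.println("java.home    : " + System.getProperty("java.home"));
        System.out.println("java.vendor  : " + System.getProperty("java.vendor"));
        System.out.println("java.version : " + System.getProperty("java.version"));
        System.out.println("max AES bits : " + Cipher.getMaxAllowedKeyLength("AES"));

        List<String> suites = aes256Suites();
        System.out.println("AES-256 TLSv1.2 suites supported: " + suites.size());
        for (String suite : suites) {
            System.out.println("  " + suite);
        }

        if (!unlimitedPolicy()) {
            System.out.println("RESULT: limited JCE policy in effect");
            System.exit(1); // non-zero exit so the check can be scripted
        }
        System.out.println("RESULT: unlimited JCE policy in effect");
    }
}
```

Compile it with a JDK no newer than the JRE behind RUN/jre, then run the class with the java binary under RUN/jre/bin so the result reflects the runtime the SM Server actually uses.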