IBM InfoSphere Streams Version 4.1.1
Changing the cryptographic protocol for InfoSphere Streams services
Many domain and instance services support connections that use Transport Layer Security
(TLS) cryptographic protocols. You can specify which cryptographic protocols the services use for
secure communication by setting domain and instance properties. The default
setting for InfoSphere®
Streams is TLSv1, which indicates that TLS 1.0 or later protocols are used.
About this task
You can specify the cryptographic protocol for the following domain and instance services.
Notes:
- The domain.sslOption domain property is used as the default value for the sslOption properties that are listed.
- If you set the sws.sslProtocol property to
TLSv1.2, you must also specify one of the following settings:
- Set the domain.sslOption property to TLSv1.2.
- Set both the aas.sslOption and jmx.sslOption properties to TLSv1.2.
Service name | Domain property name |
---|---|
authentication and authorization service | aas.sslOption |
domain controller service | controller.sslOption |
management API service | jmx.sslOption |
web management service | sws.sslProtocol |
Service name | Instance property name |
---|---|
application deployment service | app.sslOption |
application manager service | sam.sslOption |
application metrics service | srm.sslOption |
view service | view.sslOption |
The domain and instance properties can have the following values:
- TLSv1: This value is the default value. It indicates that the service uses TLS 1.0 or later protocols.
- TLSv1.1: This value indicates that the service uses TLS 1.1 or later protocols. If a TLS 1.1 connection cannot be established, it falls back to TLS 1.0.
- TLSv1.2: This value indicates that the service uses only TLS 1.2 or later protocols. If a TLS 1.2 connection cannot be established, it does not fall back to lower versions of TLS support.
- SSL_TLS: This value indicates that the service uses TLS 1.0.
- SSL_TLSv2: This value indicates that the service uses TLS 1.0, TLS 1.1, or TLS 1.2.
- none: This value indicates that the service does not use TLS or SSL. You cannot specify this value for the sws.sslProtocol domain property.
The sws.sslProtocol domain property has an extra value: useJavaSetting. This property indicates that the web management service supports the cryptographic protocols that are specified by the Java™ configuration of processes that connect to the service. This value is the default value.
For more information about these properties, run streamtool man domainproperties and streamtool man properties.
Tip: Before you change the
cryptographic protocol, consider which InfoSphere
Streams interfaces
you use and how they are affected. For example, you must open the Streams
Console in
a web browser that supports the same cryptographic protocols that
you specify for the web management service.
Also, setting an sslOption property to something
other than TLSv1 might prevent communication with InfoSphere
Streams releases
earlier than 4.1.
Procedure
You can specify the cryptographic protocol when you create or update a domain or instance. In Streams Studio, you can specify the cryptographic protocol when you add or edit a domain connection.