Enforcing TLS Version 1.2
Require the use of the latest version of the TLS security protocol for communication on the site. This ensures that weaknesses in previous TLS versions, or in older, less secure protocols, cannot be used by malicious parties to obtain sensitive data.
About this task
Transport Layer Security (TLS) is a cryptographic protocol designed for secure network communications. TLS 1.2 is the latest, and thus most secure, version of the specification.
Requiring TLS 1.2 is part of updating to NIST SP 800-131A security standards. Consider NIST SP 800-131A for more enhancements to site security.
Procedure
To enforce the use of TLS 1.2 on the site, ensure that all supporting software is using TLS 1.2:
- By default, WebSphere Application Server supports only TLS 1.0 for outbound communication. The recommended setting is SSL_TLSv2, which supports TLS 1.0, 1.1, and 1.2 for outbound communication. To support only TLS 1.2 for outbound communication, use TLSv1.2.
Results
All communications on the site are now made through TLS 1.2 only.
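To confirm this result on a listening endpoint of the site, the following added example (not part of the original page or of the product) offers TLS 1.0, 1.1, and 1.2 one at a time and reports which handshakes complete. The function names and the host and port you pass in are assumptions for illustration.

```python
import socket
import ssl
import warnings

# Protocol versions to offer one at a time; the goal is that only TLS 1.2 succeeds.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def pinned_context(version):
    """Build a client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Protocol probe only: skip certificate checks so a trust failure
    # is not mistaken for a version rejection.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    if version < ssl.TLSVersion.TLSv1_2:
        # Recent OpenSSL builds will not offer TLS 1.0/1.1 at the default
        # security level, so lower it for the legacy probes only.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
    return ctx

def probe(host, port, version, timeout=5.0):
    """True: handshake completed. False: refused. None: client cannot offer it."""
    try:
        ctx = pinned_context(version)
    except (ValueError, ssl.SSLError):
        return None
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    except OSError:  # includes ssl.SSLError, timeouts and refused connections
        return False

def audit(host, port):
    return {name: probe(host, port, v) for name, v in VERSIONS.items()}

def tls12_only(results):
    """Pass only if TLS 1.2 is accepted and both older versions are refused."""
    legacy_refused = all(results[n] is False for n in ("TLSv1.0", "TLSv1.1"))
    return results["TLSv1.2"] is True and legacy_refused
```

Call audit(host, port) against each HTTPS port of the site and pass the result to tls12_only. A None entry means the local Python/OpenSSL build could not offer that version, so the check is inconclusive and is treated as a failure.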