Configuring TLS secure protocol

This topic describes how to configure the Transport Layer Security (TLS) secure protocol version for BRPM.

By default, from 5.0.03.001 Patch 1 for Service Pack 3 onward, the TLS version is set to 1.2. However, you can change the version to any of the supported versions. Note that by using an older version of TLS, you might increase the risk to security vulnerabilities.

Configuring TLS version for Classic UI

1. Stop BMC Release Process Management service.
2. Go to the RLMHome\server\jboss\standalone\configuration location and open the standalone-full.xml 5.0.03.004 OR LATER or standalone.xml 5.0.03.003 OR EARLIER file.
   For a clustered environment, you must make changes to the standalone-full-ha.xml 5.0.03.004 OR LATER or standalone-full.xml 5.0.03.003 OR EARLIER file.

3. Search for the following SSL attribute in the configuration file. 
   "protocol=TLS1.2"

4. Update the values for the SSL protocol that match your requirement. 
   For example, if you specify protocol="TLSv1,TLSv1.1,TLSv1.2", BRPM supports all specified versions of TLS.
   To support a specific version, specify the version as the value. 

5. Save changes and restart the BMC Release Process Management service.

Configuring TLS version for RLM Requester UI (now called RPM Requester UI, 5.0.03.001 onward)

1. Stop BMC Release Lifecycle Management Requester UI.
2. Go to C:\Program Files\BMC Software\RLMUI\apache\conf and open httpd.conf file.
3. Search for "SSLProtocol" attribute and update the values that match your requirement. 
   For example, if you specify "SSLProtocol all -SSLv2 -SSLv3",  BRPM supports all specified versions of TLS except SSLv2 and SSLv3.
4. Save changes and restart the BMC Release Lifecycle Management Requester UI.

Related topics

5.0.03.001 Patch 1 for Service Pack 3

Starting and stopping product services

Enabling HTTPS/SSL on existing instance