Skip to Content

Writer instructions

Page title

For most spaces, this page must be titled Space announcements.

For spaces with localized content, this page must be titled Space announcements l10n.

Purpose

Provide an announcement banner on every page of your space.

Location

Move this page outside of your home branch.

Guidelines

Information
Limited support BMC provides limited support for this version of the product. As a result, BMC no longer accepts comments in this space. If you encounter problems with the product version or the space, contact BMC Support.BMC recommends upgrading to the latest version of the product. To see documentation for that version, see MainView Middleware Monitor 9.2.

Configuring TLS protocols and Cipher suites for HTTPS



The MVMM Application Service Web secure port uses HTTPS. It is configured to support both TLSv1 and TLSv1.2 to ensure compatibility with modern web browsers as well as toleration of earlier versions of MVMM (e.g. for agents from earlier versions).

When changing this configuration, refer to the agent tier requirements documented below.


Related topics

Working-with-the-subscriber-services

Defining-configuration-options-in-services-cfg

App_Service

Configuring the TLS protocol for HTTPS

To configure the HTTPS TLS protocol offered by the MVMMApplication Service, edit the sslContextFactory definition in jetty/qpas.xml (shown below). Make sure to backup the file before making changes.

The MVMM Application Service must be restarted for changes to take effect.

<Set name="IncludeProtocols">
<Array type="String">
<!-- =========================================================== -->
<!-- Include TLSv1 for agents before TMTM 8.1. -->
<!-- Include TLSv1.2 for browsers, agents and internal services -->
<!-- =========================================================== -->
<Item>TLSv1</Item>
<Item>TLSv1.2</Item>
</Array>
</Set>

Either or both of IncludeProtocols or ExcludeProtocols can be used, as required.

The full list of supported TLS protocols is SSL, SSLv2, SSLv3, TLS, TLSv1, TLSv1,1, TLSv1.2.

Configuring the TLS Cipher Suites for HTTPS

To configure the HTTPS TLS cipher suites offered by the MVMMApplication Service edit the sslContextFactory definition in jetty/qpas.xml (shown below). Make sure to backup the file before making changes.

The MVMM Application Service must be restarted for changes to take effect.

<Set name="ExcludeCipherSuites">
   <Array type="String">
      <!-- =========================================================== -->
      <!-- Not Excluded - TLSv1.2 ciphers for browsers and extensions  -->
      <!-- =========================================================== -->
      <!-- Item>TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256</Item -->
      <!-- Item>TLS_DHE_RSA_WITH_AES_128_CBC_SHA256</Item -->
      <!-- Item>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</Item -->
      <!-- Item>TLS_DHE_RSA_WITH_AES_128_GCM_SHA256</Item -->
      <!-- =========================================================== -->
     .....
<Set name="ExcludeCipherSuites">    

Either or both of IncludeCipherSuites or ExcludeCipherSuites may be used, as required.

The full list of supported TLS cipher suites is documented here: JSSE Cipher Suite Names

Agent Tier Requirements for HTTPS

The MVMM Configuration Agent can use HTTP or HTTPS to access distribution packages or BTM deployment information, based on configuration.

Agent Version

Default HTTP

Default TLS

7.0

HTTP

TLSv1

8.0

HTTPS

TLSv1

8.0.1

HTTPS

TLSv1

8.1

HTTPS

TLSv1.2


To change the defaults, use agent preferences to configure the use of HTTP or HTTPS. For example, to use HTTPS:

% agentpref --set "BTMConfig Ext" ASSecure true

To change the defaults, use Java system properties to configure the TLS protocol used. Edit the MVMM Configuration Agent bmmtm_agent/bin/wrapper.conf file, as show below.

The MVMM Configuration Agent must be restarted for changes to take effect.

# Take care to keep the additional number contiguous
wrapper.java.additional.8=-Dcom.bmc.mmpa.client_protocols=TLSv1.2



 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

MainView Middleware Monitor 9.0