Posts

Disabling TLSv1 in ADFS

We recently had a requirement to disable TSLv1 in our ADFS instance.  Some portions of Lawson, as well as LBI, still depend on TLSv1 security.  So, the best way to accommodate this requirement, while also making sure the applications stay fully compatible, is to set the QoP (Quality of Protection) protocol to SSL_TLSv2 in WebSphere on all nodes for all products.

To do this, for each WAS instance, log into the console and navigate to SSL certificate and key management > SSL configurations > (cell or node – do them all) > Quality of protection.  Set the protocol to SSL_TLSv2.  Once you have saved these changes for all cells and nodes, restart the server.