Configuring Transport Layer Security protocols

Configure the latest Transport Layer Security (TLS) protocols for the transaction server to protect your site and comply with security standards. TLS 1.3 is the most secure protocol available, while TLS 1.2 is also considered a secure protocol.

Procedure

For HCL Commerce 9.1.6 or later, follow these steps to enable TLS 1.3 support:
  1. Verify TLS 1.3 requirements.
    Ensure you are running HCL Commerce 9.1.6.0 or later to enable TLS 1.3, as this support was introduced with WebSphere Application Server 9.0.5.6.
  2. If your environment is running HCL Commerce 9.1.6 to 9.1.18, follow these additional steps:
    1. Navigate to /SETUP/scripts/ and open setSSLProtocol.py.
    2. Locate the protocolList variable.
    3. Modify the array to ensure both 'TLSv1.3' and 'TLSv1.3,TLSv1.2' are included:
      protocolList = ['SSL_TLSv2', 'TLS', 'TLSv1', 'TLSv1.1', 'TLSv1.2', 'TLSv1.3', 'TLSv1.3,TLSv1.2', 'SSL_TLS', 'SSL', 'SSLv2', 'SSLv3']
      
  3. (HCL Commerce Version 9.1.6.0 or later) Run the set-ssl-protocol Transaction server Run Engine command to set the TLS protocol to the highest level your software components allow:
    • TLSv1.3 (supports only TLS 1.3)
    • TLSv1.3,TLSv1.2 (supports both TLS 1.3 and TLS 1.2)
    • TLSv1.2 (supports only TLS 1.2)
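
To confirm that the transaction server negotiates only what was configured, the following added example (not part of the HCL Commerce tooling) offers one TLS version per connection and compares the result with the set-ssl-protocol value. The function names are hypothetical, and the host and port passed to accepted_versions are assumptions you supply for your own environment.

```python
import socket
import ssl

# The three set-ssl-protocol values listed above, mapped to the versions each should allow.
SETTINGS = {
    "TLSv1.3": {ssl.TLSVersion.TLSv1_3},
    "TLSv1.3,TLSv1.2": {ssl.TLSVersion.TLSv1_3, ssl.TLSVersion.TLSv1_2},
    "TLSv1.2": {ssl.TLSVersion.TLSv1_2},
}
PROBED = (ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3)


def pinned_context(version):
    """Client context that offers exactly one TLS version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the negotiated protocol is under test, so certificate checks are off.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = version
    ctx.maximum_version = version
    return ctx


def accepted_versions(host, port, timeout=5.0):
    """Return the probed versions the server completes a handshake with."""
    accepted = set()
    for version in PROBED:
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with pinned_context(version).wrap_socket(raw, server_hostname=host):
                    accepted.add(version)
        except (OSError, ValueError):
            # Handshake refused, connection dropped, or the local OpenSSL
            # build/policy cannot offer this version (possible for TLS 1.1).
            pass
    return accepted


def compare(setting, accepted):
    """Return (unexpectedly accepted, unexpectedly refused) version names."""
    expected = SETTINGS[setting]
    extra = sorted(v.name for v in accepted - expected)
    missing = sorted(v.name for v in expected - accepted)
    return extra, missing
```

Call compare with the value you passed to set-ssl-protocol and the set returned by accepted_versions; two empty lists mean the endpoint matches the configured protocol list.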