What versions of TLS does MettleCI Workbench support?

Transport Layer Security (TLS), the successor of the now-deprecated Secure Sockets Layer (SSL) protocol, is a cryptographic protocol designed to provide communications security over a computer network. Client-server applications use the TLS protocol to communicate across a network in a way designed to prevent eavesdropping and tampering. The protocol has undergone several revisions: TLS v1.0, 1.1, 1.2, and is currently at v1.3. At present, TLS v1.0 and v1.1 are deprecated in most environments.

IBM InfoSphere Information Server/DataStage uses the protocol to secure communication between the client (including the graphical clients) and engine tiers, as well as the API and services such as dsadmin and dsjob. Unfortunately, earlier versions of Information Server only support TSL v1.0, TLSv 1.1 or require additional configuration to use TLS v1.2. From DataStage v11.7.1 onwards Information Server supports TLS v1.2 without additional configuration.

MettleCI Workbench leverages Java’s built-in TLS support, which includes protocol version negotiation, when it is directly connecting to Information Server (running CLI tools is an indirect connection). During protocol version negotiation, Workbench will advertise all TLS versions it supports and so will Information Server. The highest common version will be used for communication. Therefore MettleCI Workbench supports all protocol versions that the instance of InfoServer it is communicating with supports, and will use the most secure version that the server supports. If a customer’s Information Server does not support TLSv1.2 (either due to the Information Server version chosen, or its configuration) then Workbench will connect with an older version (just like other clients). In this case, customers with security policies which exclude the use of older TLS protocols will need to upgrade/configure Information Server with TLSv1.2 support, or seek an exemption.