TLS/SSL Connections with IBM Java

  • 7021339
  • 05-Mar-2015
  • 02-Mar-2018

Environment

Reflection ZFE version 1.0 or higher
IBM system (such as AIX)
IBM Java (JDK 7.1 or 8)

Situation

If you install Reflection ZFE session server on a machine that uses IBM JDK 7.1 or 8 (such as AIX), you will not be able to make TLS/SSL connections from the Reflection ZFE session server to the host computer.

Resolution

If any type of TLS/SSL connection is desired for Reflection ZFE sessions to host computers, SSL 3.0 must be re-enabled in the IBM JDK, even if the actual protocol used in the Reflection ZFE session does not include SSL 3.0. That is, if the Reflection ZFE session is configured for “TLS 1.2, TLS 1.0,” the SSL 3.0 protocol must still be re-enabled in the JDK even though the connection will not use SSL 3.0.

To enable SSL 3.0 in the IBM JDK, set the new Java system property com.ibm.jsse2.disableSSLv3 to false:

  1. Stop the Reflection ZFE session server service.
  2. Open the <Reflection ZFE installation folder>/sessionserver/conf/container.conf file in a text editor.
  3. Add this line (after the other wrapper.java.additional lines):

     wrapper.java.additional.<n+1>=-Dcom.ibm.jsse2.disableSSLv3=false

     where <n> equals the highest number noted in the other wrapper.java.additional.<n> lines.

  4. Save the file and restart the Reflection ZFE session server service.
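One way to script step 3 so the index is computed rather than typed by hand, as an added example that is not part of the original article or any vendor tooling. The function names and the sample file contents are assumptions; pass the path to your own container.conf, with the session server service stopped.

```shell
#!/bin/sh
# Added example (not vendor code): append the IBM JSSE property to a
# wrapper-style container.conf using the next free index.
PROP='-Dcom.ibm.jsse2.disableSSLv3=false'

# Write a constructed sample config for trying the functions out.
make_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample, not a real Reflection ZFE container.conf
wrapper.java.additional.1=-Dfile.encoding=UTF-8
wrapper.java.additional.2=-Xmx512m
#wrapper.java.additional.7=-Dcommented.out=true
wrapper.java.additional.3=-Djava.awt.headless=true
EOF
}

# Print the highest <n> among active wrapper.java.additional.<n> lines.
highest_index() {
    awk -F'[.=]' '/^[ \t]*wrapper\.java\.additional\.[0-9]+[ \t]*=/ {
        if ($4 + 0 > max) max = $4 + 0
    } END { print max + 0 }' "$1"
}

# Append the property as index <n+1>; print the line that was added.
# Does nothing if an active line already sets it, so reruns are safe.
enable_sslv3_property() {
    conf=$1
    [ -f "$conf" ] || return 1
    if grep -q '^[[:space:]]*wrapper\.java\.additional\.[0-9][0-9]*[[:space:]]*=.*disableSSLv3=false' "$conf"; then
        return 0
    fi
    cp -p "$conf" "$conf.bak" || return 1      # keep a copy to roll back to
    # Make sure the file ends with a newline before appending.
    [ -z "$(tail -c 1 "$conf")" ] || printf '\n' >> "$conf"
    next=$(( $(highest_index "$conf") + 1 ))
    printf 'wrapper.java.additional.%s=%s\n' "$next" "$PROP" | tee -a "$conf"
}
```

Commented-out wrapper.java.additional lines are ignored when computing <n>, and the original file is kept as container.conf.bak.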

For more information, see http://www-01.ibm.com/support/docview.wss?uid=swg21687173.

Additional Information

Legacy KB ID

This article was originally published as Attachmate Technical Note 2780.