I would like to know if we need to do anything to ensure Process Server or Process Centre is SHA-2 compliant, as we are going to update our security infrastructure. Our goal is to use SHA-2 for security purposes in the future. Are there any limitations for using SHA-256, SHA-384 or SHA-512 for TLS connections on BPM or ODM?
Additionally, please note that we secure the cells and nodes using SHA-1 (with RSA) encryption at the moment. The same applies to all inbound and outbound services such as CICS, Web Services, HTTPS calls and so on.
Answer by S.Baumann (2871) | Sep 29, 2015 at 09:18 AM
Referring to information we received from our IBM Security Architects for BPM and ODM, those products rely on the WebSphere Application Server (WAS) version and the underlying Java version for this functionality. Referring to official statements in the WAS Knowledge Center, the above SHA algorithms are supported. (Please make sure you look up those security aspects for your WAS version.)
Moreover, you might also need to check the support for IHS separately. Please have a look at the following dwAnswer post for this: Can IHS 7.0 use SHA-2 (sha224, sha256, sha384, sha512) digest algorithms?
Finally, you can review how to update the default SSL certificates of WAS in this technote or for IHS in the Knowledge Center. You might also want to review how to convert certificates to use the new minimal strength (SHA254withRSA).
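Before converting certificates, it helps to know which ones are still signed with SHA-1. The following is an added example, not part of the original answer or of any IBM tooling: it reads the outer `signatureAlgorithm` field of an X.509 certificate (DER or PEM) and reports whether it is a SHA-2 RSA signature. All function names are hypothetical, the sample certificates are constructed skeletons with a dummy serial and signature, and only the RSA (PKCS #1) signature OIDs are recognised.

```python
import base64

RSA_PREFIX = bytes.fromhex("2a864886f70d0101")  # DER body of OID 1.2.840.113549.1.1
SIG_ALGS = {  # last OID arc -> (name, uses a SHA-2 digest)
    0x04: ("md5WithRSAEncryption", False),
    0x05: ("sha1WithRSAEncryption", False),
    0x0B: ("sha256WithRSAEncryption", True),
    0x0C: ("sha384WithRSAEncryption", True),
    0x0D: ("sha512WithRSAEncryption", True),
    0x0E: ("sha224WithRSAEncryption", True),
}

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def signature_algorithm(cert):
    """Accept DER bytes or PEM text; return (name, is_sha2) for the certificate signature."""
    if isinstance(cert, str):
        b64 = cert.split("-----BEGIN CERTIFICATE-----")[1].split("-----END")[0]
        cert = base64.b64decode("".join(b64.split()))
    tag, start, _ = read_tlv(cert, 0)            # Certificate ::= SEQUENCE {
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, _, tbs_end = read_tlv(cert, start)        #   tbsCertificate (skipped)
    _, alg_start, _ = read_tlv(cert, tbs_end)    #   signatureAlgorithm SEQUENCE {
    tag, oid_start, oid_end = read_tlv(cert, alg_start)  # algorithm OID
    oid = cert[oid_start:oid_end]
    if tag == 0x06 and oid[:-1] == RSA_PREFIX and oid[-1] in SIG_ALGS:
        return SIG_ALGS[oid[-1]]
    return ("unrecognised OID " + oid.hex(), False)

def der(tag, value):
    return bytes([tag, len(value)]) + value      # short-form length (< 128 bytes)

def sample_cert(last_arc):
    """Constructed skeleton: real X.509 outer layout, dummy serial and signature."""
    alg = der(0x30, der(0x06, RSA_PREFIX + bytes([last_arc])) + b"\x05\x00")
    tbs = der(0x30, der(0x02, b"\x01") + alg)
    return der(0x30, tbs + alg + der(0x03, b"\x00" + b"\xaa" * 8))

if __name__ == "__main__":
    for arc in (0x05, 0x0B):
        print(signature_algorithm(sample_cert(arc)))
```

To audit real certificates, export each one from the keystore as PEM or DER and pass its contents to `signature_algorithm`; any result whose second element is `False` still needs converting.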