How to force broker for using TLSv1.1 or TLSv1.2 instead of TLSv1.0 on Execution Server

Document ID : KB000094732
Last Modified Date : 04/05/2018
Show Technical Document Details
Introduction:
 NES server uses TLSv1.0 encryption protocol.  Suspend the use of this version and force using TLSv1.1 or TLSv1.2 protocols.

Going to Path  '/webapps/execution/WEB-INF/activemq-broker-nes.xml’ file below line have to be Uncommented : 
uri : 'transport.enabledProtocols=TLSv1.1,TLSv1.2'

Will this configuration work for Release Automation ? 
 
Instructions:
Enable the security protocols by adding the 'transport.enabledProtocols=TLSv1.1,TLSv1.2' to the uri as following : 

<amq:transportConnector name="ssl" uri="ssl://0.0.0.0:${jms.transport.port.nes}?transport.enabledProtocols=TLSv1.1,TLSv1.2&amp;daemon=true&amp;wireFormat.maxInactivityDuration=0" /> 

However this configuration is working only when omitting the nio protocol due to a known bug in activemq version 5.10 solved in 5.11 (https://issues.apache.org/jira/browse/AMQ-5407). omitting the NIO protocol might cause performance issues. 

Upgraded Activemq will be available in 6.6, so it will work with NIO and specific protocols.