Hi,
we encountered an issue while adding new targets for WAS Job Manager during Docs installation. Further analysis revealed that DMGR host can not connect to DOCS host via SSH - there was no agreement on KEX or allowed ciphers. The connection was closed from client side (DMGR) with error messages in rxa_msg.log:
CWMRI1028E: An error occurred while connecting to host 10.x.x.x, the error is CTGRI0001E The application could not establish a connection to 10.x.x.x. Error An error occurred creating the host.
Obviously, it was caused by recent changes in Rocky Linux 9. We solved the problem by update-crypto-policies --set LEGACY on both(!) servers and some restarts.
It seems that WAS uses crypto policies for java from the OS but I was unable to find any proof. I also tried to get more debug or trace in rxa_msg.log or rxa_trace.log but no settings worked to force WAS to increase loglevel for RXA component (Remote Execution and Access - com.ibm.tivoli.remoteaccess ).
Does anybody know how to change client-side SSH settings in WAS (8.5.5.26 in my case) or how to debug RXA? My goal is to enable better crypto-policy for SSH again.