WebSphere Application Server & Liberty

Join this online group to communicate across IBM product users and experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.


Disabling SSLv3, SSLv2, TLSv1.0 & TLSv1.1 From All Environments

  • 1.  Disabling SSLv3, SSLv2, TLSv1.0 & TLSv1.1 From All Environments

    Posted Wed May 23, 2018 09:01 AM

    I need to disable all SSLv3, SSLv2, TLSv1.0 and TLSv1.1 from all my environments. I know that from the IHS side, we should guarantee that users are using up-to-date browsers to avoid issues. But from the App Server side, what needs to be checked with the application team?



  • 2.  RE: Disabling SSLv3, SSLv2, TLSv1.0 & TLSv1.1 From All Environments

    Posted Thu May 24, 2018 05:53 AM

    Make sure that you are using a version of WAS and SDK that supports TLSv1.2.

    There are two areas you need to take care of:

    1. Where WAS is the service provider or SSL server, i.e. a port which WebSphere is listening on. Change the Quality of Protection settings. It is under SSL certificate and key management --> SSL configurations --> NodeDefaultSSLSettings --> Quality of Protection (QoP) settings.

    From the drop-down list for protocols, select TLSv1.2.

    Apply the changes.

    2. Where WAS is a service consumer or SSL client. Here the protocol used is determined by the com.ibm.ssl.protocol property in the $WASHOME/profiles/<profilename>/properties/ssl.client.props file.

     

    PS: If you are using WAS-ND, make changes in the following order:

    1. Change QoP in admin console for all nodes and DMgr to SSL_TLSv2. Resync and restart everything.

    2. One node at a time, change the com.ibm.ssl.protocol property to TLSv1.2 and restart the node. Make sure that DMgr and the node are still communicating with each other.

    3. Change the com.ibm.ssl.protocol property to TLSv1.2 for DMgr and restart DMgr. Verify communications are good.

    4. One node at a time, change QoP to TLSv1.2 in the admin console. Resync and restart.

    5. Finally, change QoP for DMgr to TLSv1.2.

     

    ---Sunit
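
A way to check progress during the ssl.client.props steps above, as an added example that is not part of the original post and not IBM tooling: a shell audit that reads the effective com.ibm.ssl.protocol value from each file it is given and flags any that is not yet TLSv1.2. The function names, the status labels and the sample files are assumptions made for the example; it handles plain `key=value` and `key: value` lines, not line continuations.

```shell
#!/bin/sh
# Added example: audit com.ibm.ssl.protocol in ssl.client.props files.

# Print the effective value from one file: '#' and '!' lines are comments,
# whitespace around the separator is ignored, the last definition wins.
ssl_protocol_of() {
    awk '
        /^[ \t]*[#!]/ { next }
        /^[ \t]*com\.ibm\.ssl\.protocol[ \t]*[=:]/ {
            line = $0
            sub(/^[ \t]*com\.ibm\.ssl\.protocol[ \t]*[=:][ \t]*/, "", line)
            sub(/[ \t\r]+$/, "", line)
            value = line
        }
        END { print value }
    ' "$1"
}

# Classify a value against the target state named in the post.
classify_protocol() {
    case "$1" in
        TLSv1.2)   echo "OK" ;;
        SSL_TLSv2) echo "TRANSITIONAL" ;;  # the post's intermediate setting
        "")        echo "UNSET" ;;
        *)         echo "REVIEW" ;;
    esac
}

# Report every file given; return non-zero unless all are on TLSv1.2.
audit_client_props() {
    rc=0
    for f in "$@"; do
        if [ ! -r "$f" ]; then
            echo "UNREADABLE $f"; rc=1; continue
        fi
        v=$(ssl_protocol_of "$f")
        s=$(classify_protocol "$v")
        echo "$s $f ${v:-<none>}"
        [ "$s" = "OK" ] || rc=1
    done
    return $rc
}

# Constructed sample files standing in for two profiles' ssl.client.props.
demo=$(mktemp -d)
printf '# constructed\ncom.ibm.ssl.protocol=SSL_TLS\ncom.ibm.ssl.protocol = TLSv1.2\r\n' > "$demo/node1.props"
printf '#com.ibm.ssl.protocol=TLSv1.2\ncom.ibm.ssl.protocol: SSL_TLSv2\n' > "$demo/node2.props"
audit_client_props "$demo/node1.props" "$demo/node2.props" || echo "rollout incomplete"
rm -rf "$demo"
```

On a real cell the arguments would be the ssl.client.props file of each profile, at the path given in the post.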