AnsweredAssumed Answered

How do we disabled the old TLS v1.1 protocol for the R12.8 Admin UI

Question asked by jnitot on Feb 22, 2019



Following technote 


How do we disabled the old TLS protocols for the R - CA Knowledge 


Is there the same for 12.8 version of adminUI ? 

I tried to modify the /opt/application/CA/siteminder/adminui/standalone/configuration/standalone-full.xml and remove the TLSv1.1 protocol as above


<https-listener enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.2" name="https" security-realm="SSLRealm" socket-binding="https"/>


I deleted the deloy/data folder re-register the adminUI, But I'm still able to connect with TLS 1.1


openssl s_client -connect <adminui-ip>:8443 -tls1_1


Any idea ?


Thank you,