AnsweredAssumed Answered

How do we disabled the old TLS v1.1 protocol for the R12.8 Admin UI

Question asked by jnitot on Feb 22, 2019

Hello,

 

Following technote 

 

How do we disabled the old TLS protocols for the R - CA Knowledge 

 

Is there the same for 12.8 version of adminUI ? 

I tried to modify the /opt/application/CA/siteminder/adminui/standalone/configuration/standalone-full.xml and remove the TLSv1.1 protocol as above

 

<https-listener enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.2" name="https" security-realm="SSLRealm" socket-binding="https"/>

 

I deleted the deloy/data folder re-register the adminUI, But I'm still able to connect with TLS 1.1

 

openssl s_client -connect <adminui-ip>:8443 -tls1_1

 

Any idea ?

 

Thank you,

Julien.

Outcomes