Layer7 Access Management

How do we disabled the old TLS v1.1 protocol for the R12.8 Admin UI

  • 1.  How do we disabled the old TLS v1.1 protocol for the R12.8 Admin UI

    Posted 02-22-2019 04:40 AM

    Hello,

     

    Following technote 

     

    How do we disabled the old TLS protocols for the R - CA Knowledge 

     

    Is there the same for 12.8 version of adminUI ? 

    I tried to modify the /opt/application/CA/siteminder/adminui/standalone/configuration/standalone-full.xml and remove the TLSv1.1 protocol as above

     

    <https-listener enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.2" name="https" security-realm="SSLRealm" socket-binding="https"/>

     

    I deleted the deloy/data folder re-register the adminUI, But I'm still able to connect with TLS 1.1

     

    openssl s_client -connect <adminui-ip>:8443 -tls1_1

     

    Any idea ?

     

    Thank you,

    Julien.