Hello,
Following technote
How do we disabled the old TLS protocols for the R - CA Knowledge
Is there the same for 12.8 version of adminUI ?
I tried to modify the /opt/application/CA/siteminder/adminui/standalone/configuration/standalone-full.xml and remove the TLSv1.1 protocol as above
<https-listener enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.2" name="https" security-realm="SSLRealm" socket-binding="https"/>
I deleted the deloy/data folder re-register the adminUI, But I'm still able to connect with TLS 1.1
openssl s_client -connect <adminui-ip>:8443 -tls1_1
Any idea ?
Thank you,
Julien.