Layer7 API Management

Expand all | Collapse all

How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

Jump to Best Answer
  • 1.  How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-26-2020 04:59 AM
    Please provide information how to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4 .


  • 2.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-26-2020 06:11 PM
    You can do it on listen port properties window,
    login policy manager -> Tasks -> Transports -> Manage Listen Ports,



    Regards,
    Mark



  • 3.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-27-2020 01:30 AM
    Zhijun thanks a lot. I need to do it for all the four ports. After the changes any restart required? PFB:

    Then how can I understand that the disable is done?  Kindly assist :

    Regards,
    Anirban


  • 4.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-27-2020 11:47 AM
    Hello Anirban,

    Restart is not required.
    To check if the changes are effective, you can use curl as below.

    You should get error for below calls
    curl -v -k https://<<host>>:<<port>> --tlsv1.1
    curl -v -k https://<<host>>:<<port>> --tlsv1.0

    You should get proper fault response from gateway for below call
    curl -v -k https://<<host>>:<<port>> --tlsv1.2


  • 5.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-27-2020 03:05 PM
    Edited by Sandeep Dube 22 days ago
    Hi Adarsh,
                       I got couple of step in the below link:
                       How to Disable TLS 1.0 in the CA API Gateway and E - CA Knowledge

    Kindly confirm that should I need to follow the steps mention in the above link or changing from the policy manager only is fine?


    Regards
    Sandeep


  • 6.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-27-2020 03:25 PM
    Edited by Sandeep Dube 22 days ago
    Hi Adarsh,
                       The curl command you mentioned above I run & got the attached result . It's same for all the three port. Yet to disable TLS through policy manager. Please guide & PFB:

    ====================================================================================================
    <?xml version="1.0" encoding="UTF-8"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
        <soapenv:Body>
            <soapenv:Fault>
                <faultcode>soapenv:Server</faultcode>
                <faultstring>Policy Falsified</faultstring>
                <faultactor>https://<<host>>:9443/</faultactor>
                <detail>
                    <l7:policyResult
                        status="Service Not Found.  The request may have been sent to an invalid URL, or intended for an unsupported operation." xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
                </detail>
            </soapenv:Fault>
        </soapenv:Body>
    </soapenv:Envelope>
    * Closing connection 0
    * schannel: shutting down SSL/TLS connection with <<host>> port 9443
    * schannel: clear security context handle

    ======================================================================================================

    Regards,
    Sandeep


  • 7.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4

    Posted 03-30-2020 04:18 PM
    Hi,
          Is there any one to address my query. Please address . It's pending since long.



  • 8.  RE: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
    Best Answer

    Posted 03-31-2020 05:43 AM
    Hi Anirban,

    The solution has already been provided by Mark.
    i.e login policy manager -> Tasks -> Transports -> Manage Listen Ports-->Disable TLS1.0 and TLS1.1

    Are you facing any issue implementing this?

    Once you disable, you can use the curl calls to validate.
    As of now, you get response to all 3 curls commands. Once you disable the TLS1.0 and TLS1.1, you should be getting results only for TLS1.2

    Thanks,
    Adarsh