Hi Anirban,
The solution has already been provided by Mark.
i.e login policy manager -> Tasks -> Transports -> Manage Listen Ports-->Disable TLS1.0 and TLS1.1
Are you facing any issue implementing this?
Once you disable, you can use the curl calls to validate.
As of now, you get response to all 3 curls commands. Once you disable the TLS1.0 and TLS1.1, you should be getting results only for TLS1.2
Thanks,
Adarsh
Original Message:
Sent: 03-30-2020 04:18 PM
From: Anirban Chakraborty
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
Hi,
Is there any one to address my query. Please address . It's pending since long.
Original Message:
Sent: 03-27-2020 03:25 PM
From: Anirban Chakraborty
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
Hi Adarsh,
The curl command you mentioned above I run & got the attached result . It's same for all the three port. Yet to disable TLS through policy manager. Please guide & PFB:
====================================================================================================
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
<soapenv:Body>
<soapenv:Fault>
<faultcode>soapenv:Server</faultcode>
<faultstring>Policy Falsified</faultstring>
<faultactor>https://<<host>>:9443/</faultactor>
<detail>
<l7:policyResult
status="Service Not Found. The request may have been sent to an invalid URL, or intended for an unsupported operation." xmlns:l7="http://www.layer7tech.com/ws/policy/fault"/>
</detail>
</soapenv:Fault>
</soapenv:Body>
</soapenv:Envelope>
* Closing connection 0
* schannel: shutting down SSL/TLS connection with <<host>> port 9443
* schannel: clear security context handle
======================================================================================================
Regards,
Anirban
Original Message:
Sent: 03-27-2020 11:46 AM
From: Adarsh Shetty
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
Hello Anirban,
Restart is not required.
To check if the changes are effective, you can use curl as below.
You should get error for below calls
curl -v -k https://<<host>>:<<port>> --tlsv1.1
curl -v -k https://<<host>>:<<port>> --tlsv1.0
You should get proper fault response from gateway for below call
curl -v -k https://<<host>>:<<port>> --tlsv1.2
Original Message:
Sent: 03-27-2020 01:29 AM
From: Anirban Chakraborty
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
Zhijun thanks a lot. I need to do it for all the four ports. After the changes any restart required? PFB:
Then how can I understand that the disable is done? Kindly assist :
Regards,
Anirban
Original Message:
Sent: 03-26-2020 06:10 PM
From: Zhijun He
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
You can do it on listen port properties window,
login policy manager -> Tasks -> Transports -> Manage Listen Ports,
Original Message:
Sent: 03-26-2020 04:59 AM
From: Anirban Chakraborty
Subject: How to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4
Please provide information how to disable TLS1.0 & 1.1 in layer 7 API Gateway 9.4 .