Symantec Access Management

Expand all | Collapse all

Supported Versions of TLS for Webagents

Jump to Best Answer
  • 1.  Supported Versions of TLS for Webagents

    Posted 07-17-2018 10:35 AM

    Is there a location for a document stating what web agents and their versions are supported by TLS1.1/TLS1.2?

    I have not been able to find such a document or post on the communities and have a requirement to find out if shutting off TLS1.0 on an application server where a web agent lives will cause issues for the environment/agent installation.



  • 2.  Re: Supported Versions of TLS for Webagents

    Posted 07-17-2018 11:16 AM

    Hi ,

     

    Does Policy server use SSL/TLS channel for Web Agent Communication.

     

    Siteminder Policy server to Web Agent Communication is secured using Siteminder proprietary key(Session Key).

     

    Hence SSL/TLS questions or consideration is irrelevant for siteminder Policy server to Web Agent communication.

     

    Policy Server however use SSL/TLS protocols to communicate with external stores like User Store/Session Store etc.

     

    Refer :

    https://comm.support.ca.com/kb/does-policy-server-use-ssltls-channel-for-web-agent-communication/kb000041714

     

    Regards,

    Leo Joseph.



  • 3.  Re: Supported Versions of TLS for Webagents

    Posted 07-17-2018 11:22 AM

    The question is not if TLS/SSL is being used between the web agent and policy server but if TLS being disabled on the webserver would effect the webagent itself and its ability to read the web traffic. I have checked those articles but was more concerned with the webagent not reading web traffic.



  • 4.  Re: Supported Versions of TLS for Webagents
    Best Answer

    Posted 07-17-2018 12:47 PM

    Hi Taylor,

     

    The WebAgent is a plugin to the Web Server, if Webserver is not able to Accept any request when TLS is disabled, then this Request will never get to the agent.

    As long as your Webserver is able to accept the request over SSL regardless of the protocol, the Webserver will handle the request to the Agent plugin and we will process Request normally . 

     

    Regards 

    Joe