Symantec Privileged Access Management

 View Only
  • 1.  Disable TLS cipher

    Posted 15 days ago
    Hi Supports,

    After unchecking the ciphers check box (following this step Enable or Disable TLS Ciphers (broadcom.com)) and click on update, it prompts to reboot PAM appliance for the changes to take affect. However, after reboot, the ciphers setting will change back to default. Did I miss any steps before disable the ciphers?

    Regards,
    Atifah


  • 2.  RE: Disable TLS cipher

    Broadcom Employee
    Posted 15 days ago
    hi Atifah,

    After unchecking the cipher's check box, did you modify any of the values on this page? If none of the values are modified, and you click on update, you will get the following message.


    This does not prompt a reboot.

    Are you sure that you did not modify/change the certificate that is being used by CA PAM, under Configuration, Security, Certificates, and then the 
    Set tab, if yes then a reboot will be done for making use of the new certificate that is set.

    Thanks,
    Reatesh.



  • 3.  RE: Disable TLS cipher

    Posted 12 days ago
    Hi Reatesh,

    I did refer to this step Enable or Disable TLS Ciphers (broadcom.com). On the last steps, it did mention to reboot "After changing the cipher list, a message appears that a reboot is needed. Reboot the node. This message displays until the node is rebooted."

    Below screenshot for your reference.

    Whenever we reboot, the settings will change to default.

    Regards,
    Atifah



  • 4.  RE: Disable TLS cipher

    Posted 11 days ago
    Hi Guys,

    Does anyone have encounter same issue as mine? Whenever we disable by uncheck the box and update. It will ask for reboot, after reboot the settings will change back to default.

    Regards,
    Atifah


  • 5.  RE: Disable TLS cipher

    Broadcom Employee
    Posted 11 days ago
    Hi Atifah, I can't speak for anyone, but on my server the custom selection sticks.


  • 6.  RE: Disable TLS cipher

    Posted 10 days ago
    Hi Ralf,

    If customer have more than one node, do you think we should update all the nodes first and then reboot?

    Regards,
    Atifah


  • 7.  RE: Disable TLS cipher

    Broadcom Employee
    Posted 10 days ago
    This is a local setting, it should not replicate across a cluster. If it is not working for you, please open a case with PAM Support.