Disable Secure Communications

Document ID : KB000071679
Last Modified Date : 12/03/2018
Question:
The Security Team has determined that the RA Management Server is using old versions of the SSH and TLS protocols through Tomcat. How can we disable the TLS v1.x protocols?
Answer:
By default we run Tomcat with "TLSv1.2,TLSv1.1,TLSv1".

You can disable the protocols you do not need in the server.xml file
located in the RA_HOME\conf directory.

Search for the following connector on port 8443:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
compression="on" 
compressionMinSize="102400" 
compressableMimeType="application/x-java-serialized-object" 
SSLEnabled="true" 
maxThreads="150" 
scheme="https" 
secure="true" 
clientAuth="false" 
sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1" 
keyAlias="nolioserver" 
keystoreFile="conf/nolio.jks" 
keystorePass="n0L10~28307" 
maxSwallowSize="-1"> 
</Connector> 

If you want to force Tomcat to use only TLSv1.2, change the enabled protocols to:

sslEnabledProtocols="TLSv1.2" 

And restart the re service.

You have to do this on the NAC and NES.
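
To confirm the change on each server, the following added example (not part of the original article or the product) parses a server.xml and lists every SSL-enabled connector whose sslEnabledProtocols still contains anything other than TLSv1.2. The function name and the sample XML are constructed for illustration; the sample is modelled on the connector above with the keystore password replaced by a placeholder.

```python
import sys
import xml.etree.ElementTree as ET

ALLOWED = {"TLSv1.2"}  # target configuration stated in the article

# Constructed sample modelled on the article's connector (password is a placeholder).
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
               SSLEnabled="true" scheme="https" secure="true" clientAuth="false"
               sslEnabledProtocols="TLSv1.2,TLSv1.1,TLSv1"
               keyAlias="nolioserver" keystoreFile="conf/nolio.jks"
               keystorePass="PLACEHOLDER"/>
  </Service>
</Server>"""


def audit_connectors(xml_text, allowed=ALLOWED):
    """Return [(port, finding)] for each SSL connector not limited to `allowed`."""
    findings = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # non-TLS connector, nothing to check
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # No explicit list: the effective protocols come from defaults, so flag it.
            findings.append((conn.get("port"),
                             "sslEnabledProtocols not set; review effective defaults"))
            continue
        enabled = [p.strip() for p in raw.split(",") if p.strip()]
        extra = [p for p in enabled if p not in allowed]
        if extra:
            findings.append((conn.get("port"), "disable: " + ",".join(extra)))
    return findings


if __name__ == "__main__":
    # Pass the path to RA_HOME\conf\server.xml, or run without arguments for the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SERVER_XML
    results = audit_connectors(text)
    for port, finding in results:
        print(f"port {port}: {finding}")
    sys.exit(1 if results else 0)
```

Run it against the server.xml on both the NAC and the NES after editing; an empty result and exit code 0 mean every SSL connector is restricted to TLSv1.2.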