Does CA Spectrum OneClick support TLSv1.1 and TLSV1.2

Document ID : KB000057357
Last Modified Date : 14/02/2018
Show Technical Document Details

QUESTION:  Does CA Spectrum OneClick support TLSv1.1 and TLSV1.2

 

ANSWER: JRE 1.7 update 51 was officially supported started with Spectrum 09.03.00.00. With the support of JRE 1.7, CA Spectrum OneClick can be configured to use TLSv1.1 and TLSv1.2. For example, the $SPECROOT/tomcat/conf/server.xml file on the OneClick system can be configured as follows:

 

<Connector

           port="443" minProcessors="5" maxProcessors="75"

           enableLookups="true" disableUploadTimeout="true"

           acceptCount="100" debug="0" scheme="https" secure="true" SSLEnabled="true"

           clientAuth="false" sslProtocol="TLS"

           sslEnabledProtocols="TLSv1.1,TLSv1.2"

           ciphers="TLS_RSA_WITH_AES_256_CBC_SHA"                         

           keystoreFile="<SPECROOT>/custom/keystore/cacerts"

           keystorePass="changeit">

  </Connector>