We would like to make our AdminUI Servers more secure and remove the old out dated TLSv1.0 and TLSv1.1 SSL Protocols from the AdminUI. Is this possible and if so, how can we accomplish that?
To disable the SSL Protocols TLSv1.0 and TLSv1.1 in the AdminUI you will need to edit the server.xml file that can be found at the location: /opt/CA/siteminder/adminui/server/default/deploy/jbossweb.sar/server.xml
Find the line that has "<Connector SSLEnabled......."
There will be an attribute for the tag named sslProtocols it will have a value of "TLSv1,TLSv1.1,TLSv1.2"
You will need to remove the TLSv1,TLSv1.1 part of the string so it looks like the following:
sslProtocols = "TLSv1.2"
Save the server.xml file and stop-start the AdminUI and it should only accept TLSv1.2 SSL Protocol connections.