How do we disabled the old TLS protocols for the R12.52 Admin UI

Document ID : KB000117459
Last Modified Date : 12/10/2018
Show Technical Document Details
Question:
We would like to make our AdminUI Servers more secure and remove the old out dated TLSv1.0 and TLSv1.1 SSL Protocols from the AdminUI. Is this possible and if so, how can we accomplish that?
Environment:
12.52 SP1
Answer:
To disable the SSL Protocols TLSv1.0 and TLSv1.1 in the AdminUI you will need to edit the server.xml file that can be found at the location: /opt/CA/siteminder/adminui/server/default/deploy/jbossweb.sar/server.xml

Find the line that has "<Connector SSLEnabled......."

There will be an attribute for the tag namedĀ sslProtocols it will have a value of "TLSv1,TLSv1.1,TLSv1.2"

You will need to remove the TLSv1,TLSv1.1 part of the string so it looks like the following:

sslProtocols = "TLSv1.2"

Save the server.xml file and stop-start the AdminUI and it should only accept TLSv1.2 SSL Protocol connections.