How to configure the Policy Manager .bat file to use a specific TLS version

Document ID : KB000010280
Last Modified Date : 14/02/2018
Introduction:

We have seen users trying to launch Policy Manager using the .bat file. This article explains how to edit the Policy Manager .bat file to use a specific TLS version.

Background:

If you have a requirement to disable TLS 1.0 across all ports of the gateway, the following needs to be added to the Policy Manager .bat file to allow Policy Manager to connect to the gateway using TLS 1.1 or TLS 1.2.

Instructions:

1. Log in to Policy Manager using port number 9443.
2. Navigate to manage listening ports, choose 8443 and click properties.
3. Uncheck TLS 1.0 and check TLS 1.1 or TLS 1.2 according to requirement.
4. Navigate to the Policy Manager .bat file, found in the same directory where the Policy Manager executable resides.
5. Add -Dhttps.protocols=TLSv1.1 or -Dhttps.protocols=TLSv1.2 immediately after commandline=javaw.
6. Make sure you then completely close the Policy Manager and start it fresh, so that it can pick up the new parameters from the .bat file.

You can add the same parameter to the Policy Manager .ini file; in that case, use the .exe to launch Policy Manager. The .bat file does not call the .exe and therefore probably does not use the .ini file: looking at the .bat file contents, it defines its own Java parameters.
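
A check for step 3, added here as an example and not part of the original article or the product: it attempts one handshake per protocol version against listen port 8443 and reports any mismatch with the intended setting. The host argument and the allowed set (TLS 1.1 and TLS 1.2) are assumptions; a None result means the local TLS library could not offer that version, so the gateway was not actually tested for it.

```python
import socket
import ssl
import sys
import warnings

VERSIONS = {"TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1,
            "TLSv1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port, version, timeout=5.0):
    """True/False: a handshake pinned to `version` succeeded/failed.
    None: the local TLS library cannot offer that version at all."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # testing protocol support, not identity
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except ValueError:
        return None
    try:
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # OpenSSL 3.x needs this for 1.0/1.1
    except ssl.SSLError:
        pass  # TLS library without security levels
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host):
                return True
    except OSError:  # refused, timed out, or handshake rejected
        return False

def violations(results, allowed):
    """List every mismatch between probe results and the intended setting."""
    out = []
    for name, accepted in results.items():
        if accepted is None:
            out.append(f"{name} could not be tested from this client")
        elif accepted and name not in allowed:
            out.append(f"{name} accepted but should be disabled")
        elif not accepted and name in allowed:
            out.append(f"{name} refused but should be enabled")
    return out

if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"  # assumed host
    results = {n: probe(host, 8443, v) for n, v in VERSIONS.items()}
    # Assumed setting: TLS 1.0 unchecked, TLS 1.1 and TLS 1.2 checked.
    print(violations(results, {"TLSv1.1", "TLSv1.2"}) or "port matches setting")
```

Run it from a machine that can reach the gateway after saving the port properties; an empty result means the listener accepts exactly the versions left checked.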