how do I make CA Access Gateway uses TLS 1.2

Document ID : KB000099216
Last Modified Date : 20/03/2019
Show Technical Document Details
Customer needs to ensure that the TLS layer uses secure versions to communicate to backend servers
What are the steps to ensure CA Access Gateway is configured for TLS 1.2?
R12.52, 12.6, 12.7 and 12.8
For the communications between SPS and the backend web servers, you edit the following line in server.conf (under <SPS Home>/proxy-engine/conf): 

versions="TLSv1, TLSv1.1, TLSv1.2" 

The sample line above enables the three TLS versions and no other protocols/versions. Simply delete any TLS versions you do not want to enable from this line (SSL versions can be added, such as SSLV3, but most customers have abandoned SSL in favor of TLS only). 

For the communications between users' browsers and the SPS Apache server, edit the following line in <SPS Home/httpd/extra/httpd-ssl.conf: 

SSLProtocol all -SSLv2 -SSLv3 -TLSV1 

The sample line above will enable TLS1.1 and TLS1.2 and no other protocols/versions.