Policy Manager Fails When Disabling TLS 1.0 On Listen Port

Document ID : KB000004287
Last Modified Date : 14/02/2018
Issue:

When TLS 1.0 is disabled on a listen port, launching Policy Manager and connecting to the gateway on that specific port fails with the following error:

The SSL/TLS handshake with the Gateway has failed

Cause:

By default, the Policy Manager application will only attempt to connect to the gateway over TLS 1.0.

Resolution:

Force the policy manager application to connect to the gateway using TLS 1.2 as follows:

 

a) Make a backup copy of the "Layer 7 Policy Manager.ini" file and then edit it. Do this on the server that Policy Manager is launched from, in the installation for the version of the gateway you are connecting to. For example, it might be located here:

 

C:\Program Files (x86)\Layer 7 Technologies\Layer 7 Policy Manager 8.3.00\Layer 7 Policy Manager.ini 

 

b) Add this to the "commandline" line: 

 

-Dhttps.protocols=TLSv1.2 

 

c) Save the edited file. 

 

d) Make a backup copy of the "Layer 7 Policy Manager.bat" file and then edit it. Do this on the server that Policy Manager is launched from, in the installation for the version of the gateway you are connecting to. For example, it might be located here:

 

C:\Program Files (x86)\Layer 7 Technologies\Layer 7 Policy Manager 8.3.00\Layer 7 Policy Manager.bat 

 

e) Add this to the "@jre\bin\java" line: 

 

-Dhttps.protocols=TLSv1.2 

 

f) Save the edited file. 

 

g) Restart the policy manager and it should now successfully connect to the gateway.
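
To confirm that the listen port really is refusing TLS 1.0 while accepting TLS 1.2 (the condition under which an unmodified Policy Manager fails and the edited one connects), the following PowerShell probe can be run from the Policy Manager machine. It is an added example, not part of the original article or the product; the host name and port are placeholders, and it assumes Windows PowerShell 5 or later.

```powershell
# Added example: report which TLS versions a gateway listen port will negotiate.
# The default values below are placeholders; pass the host and listen port
# that Policy Manager connects to.
param(
    [string]$GatewayHost = 'gateway.example.com',  # placeholder host name
    [int]$Port = 8443                              # placeholder listen port
)

function Test-TlsVersion {
    param(
        [string]$HostName,
        [int]$Port,
        [System.Security.Authentication.SslProtocols]$Protocol
    )
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $client.Connect($HostName, $Port)
        # Certificate validation is skipped on purpose: the probe only reports the
        # negotiated protocol version and sends no credentials or application data.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = [System.Net.Security.SslStream]::new($client.GetStream(), $false, $acceptAny)
        try {
            # Offer exactly one protocol version so the result is unambiguous.
            $ssl.AuthenticateAsClient($HostName, $null, $Protocol, $false)
            [pscustomobject]@{ Offered = $Protocol; Result = 'handshake ok'
                               Negotiated = $ssl.SslProtocol; Detail = '' }
        } finally {
            $ssl.Dispose()
        }
    } catch {
        # Reached when the listener refuses the version, when the local Windows
        # SCHANNEL policy has that version disabled, or when the TCP connect fails;
        # Detail carries the underlying error text to tell these apart.
        [pscustomobject]@{ Offered = $Protocol; Result = 'failed'
                           Negotiated = $null
                           Detail = $_.Exception.GetBaseException().Message }
    } finally {
        $client.Close()
    }
}

# 'Tls' is TLS 1.0 and 'Tls12' is TLS 1.2 in the SslProtocols enumeration.
foreach ($version in 'Tls', 'Tls12') {
    Test-TlsVersion -HostName $GatewayHost -Port $Port -Protocol $version
}
```

A port with TLS 1.0 disabled should show "failed" for Tls and "handshake ok" for Tls12. If Tls12 also fails, the handshake error in Policy Manager has a cause other than the protocol version.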