Instructions for disabling SSLv3 and setting TLSv1.0 only.

Document ID : KB000015020
Last Modified Date : 14/02/2018

How do I disable the SSLv3 protocol in CA XCOM configssl.cnf and set TLS only?

CONFIGSSL.CNF is used by CA XCOM Data Transport to configure OpenSSL. This file is located in the config directory in the XCOM home directory.

On the distributed versions of CA XCOM Data Transport, you would set SSL_METHOD to TLS in CONFIGSSL.CNF to disable SSLv3, as follows:

# Mandatory, note that CA-XCOM supports v3, tlsv1, tlsv1.1, tlsv1.2.

# default "all"





The actual SSL and TLS protocols are further tuned through options. By using SSL_OPTION to remove the unwanted protocol versions with SSL_OP_NO_SSLv2 and SSL_OP_NO_SSLv3, you effectively use TLS v1.0 and above, including TLS v1.2. You can also use SSL_OP_NO_TLSv1 and SSL_OP_NO_TLSv1_1 if you want to use the TLS 1.2 protocol only.
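The following added example (not CA XCOM or CA-supplied code) models how the SSL_OP_NO_* flags named above narrow the protocol list, so a planned option set can be checked before it goes into CONFIGSSL.CNF. The function names are hypothetical, and the options are passed as a plain list because the SSL_OPTION line syntax is not shown on this page.

```python
# Added example: models the effect of the SSL_OP_NO_* flags discussed above.
# It does not read CONFIGSSL.CNF; pass the option names you intend to set.

# Protocols this page lists as supported by CA XCOM, oldest first.
VERSIONS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]

# OpenSSL option name -> protocol it removes. SSLv2 is not in the supported
# list above, so its flag is accepted but removes nothing here.
OPTION_REMOVES = {
    "SSL_OP_NO_SSLv2": None,
    "SSL_OP_NO_SSLv3": "SSLv3",
    "SSL_OP_NO_TLSv1": "TLSv1",
    "SSL_OP_NO_TLSv1_1": "TLSv1.1",
    "SSL_OP_NO_TLSv1_2": "TLSv1.2",
}


def enabled_versions(options):
    """Return the protocol versions left enabled by the given options."""
    unknown = [o for o in options if o not in OPTION_REMOVES]
    if unknown:
        # A misspelled flag would silently leave a protocol enabled.
        raise ValueError("unknown option(s): " + ", ".join(unknown))
    removed = {OPTION_REMOVES[o] for o in options}
    return [v for v in VERSIONS if v not in removed]


def audit(options):
    """Return (enabled versions, list of findings) for an option set."""
    enabled = enabled_versions(options)
    findings = []
    if not enabled:
        findings.append("no protocol version left enabled")
    if "SSLv3" in enabled:
        findings.append("SSLv3 is still enabled")
    # OpenSSL's documentation advises against "holes": disabling a version
    # while leaving both an older and a newer one enabled.
    idx = [VERSIONS.index(v) for v in enabled]
    if idx and idx != list(range(idx[0], idx[-1] + 1)):
        findings.append("enabled versions are not contiguous")
    return enabled, findings


if __name__ == "__main__":
    for opts in (["SSL_OP_NO_SSLv2", "SSL_OP_NO_SSLv3"],
                 ["SSL_OP_NO_SSLv2"],
                 ["SSL_OP_NO_SSLv3", "SSL_OP_NO_TLSv1_1"]):
        print(opts, "->", audit(opts))
```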

SSLv3 can be used only with FIPS_MODE=NO in XCOM.GLB. It uses the same cipher suites as TLSv1 with FIPS_MODE=NO.