Turn off TLS 1.0 and 1.1. Use TLS 1.2

Document ID : KB000124572
Last Modified Date : 15/01/2019
Question:
We need to turn off TLS 1.0 and 1.1 and use only TLS 1.2 on our CA LDAP directories. Can you tell me how to do this? Thanks
Answer:
See the set ssl command reference: https://docops.ca.com/ca-directory/12-6/en/reference/commands-reference/set-ssl-command-configure-ssl

If the user store is a CA Directory DSA, you can follow the same logic as described in the link,
i.e. set protocol = tlsv12. This needs to be set at the DSA level.

On the IDM side this would be at the application server level. We don't make any configurations with SSL. 

Look at the DXHOME/config/servers/dsaname.dxi file for the user store and see what is being 'sourced' in for the SSL part.
Once you know, go to the DXHOME/config/ssld folder and edit that .dxc file to have 'protocol=tlsv12'. This ties the DSA down to accept ONLY TLS 1.2 connections and reject all others.
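
The two steps above can be checked with a small audit function. This is an added example, not code from the CA Directory documentation or from this article's author. The function name check_dsa_tls is hypothetical, and the script assumes that the .dxi pulls files in with lines of the form source "../ssld/name.dxc"; (resolved relative to the config/servers folder), that # starts a comment, and that the setting appears on its own line as protocol = tlsv12.

```sh
#!/bin/sh
# Audit one DSA: find the SSL config file its .dxi sources, then check the protocol setting.
# Assumed file syntax (not shown in the article):
#   dsaname.dxi :  source "../ssld/default.dxc";
#   *.dxc       :  protocol = tlsv12        (spacing around '=' optional, '#' starts a comment)
# Returns 0 = protocol is tlsv12, 1 = protocol missing or different, 2 = SSL file not found.
check_dsa_tls() {
    dxhome=$1
    dsa=$2
    dxi="$dxhome/config/servers/$dsa.dxi"
    [ -r "$dxi" ] || { echo "cannot read $dxi" >&2; return 2; }

    # Take the last uncommented source line that points into the ssld folder.
    ssl_file=$(sed -e 's/#.*//' "$dxi" |
        sed -n 's/^[[:space:]]*source[[:space:]]*"\([^"]*ssld\/[^"]*\)".*/\1/p' |
        tail -n 1)
    [ -n "$ssl_file" ] || { echo "$dsa: no ssld file sourced in $dxi" >&2; return 2; }

    # Assumption: relative source paths are relative to the .dxi file's own folder.
    case $ssl_file in
        /*) dxc=$ssl_file ;;
        *)  dxc="$dxhome/config/servers/$ssl_file" ;;
    esac
    [ -r "$dxc" ] || { echo "cannot read $dxc" >&2; return 2; }

    # Read the last uncommented protocol line and lower-case its value.
    proto=$(sed -e 's/#.*//' "$dxc" |
        sed -n 's/^[[:space:]]*protocol[[:space:]]*=[[:space:]]*\([A-Za-z0-9._-]*\).*/\1/p' |
        tail -n 1 | tr 'A-Z' 'a-z')

    if [ "$proto" = "tlsv12" ]; then
        echo "$dsa: $dxc sets protocol = tlsv12"
        return 0
    fi
    echo "$dsa: $dxc has protocol '${proto:-<not set>}', expected tlsv12"
    return 1
}
```

Call it with the DXHOME path and the DSA name, for example check_dsa_tls /path/to/dxhome dsaname. A commented-out protocol line is reported as not set.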