Turn off TLS 1.0 and 1.1. Use TLS 1.2

Document ID : KB000124572
Last Modified Date : 15/01/2019
We need to turn off TLS 1.0 and 1.1 and use only TLS 1.2 on our CA LDAP directories. Can you tell me how to do this? Thanks

If the user store is a CA Directory DSA, you can follow the same logic as mentioned in the link,
i.e. protocol = tlsv12 (this needs to be set at the DSA level).

On the IDM side this would be at the application server level. We don't make any configurations with SSL. 

Look at the DXHOME/config/servers/dsaname.dxi file for the user store and see what is being 'sourced' in for the SSL part.
Once you know which file that is, go to the DXHOME/config/ssld folder and edit that .dxc file to have 'protocol=tlsv12'. This ties the DSA down to accept ONLY TLS 1.2 connections and reject all others.
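
The two steps above can be checked with a small audit script. This is an added example, not CA code: it follows the sourced files from the .dxi to config/ssld and reports whether each one pins protocol to tlsv12. The form of the source line, the '#' comment character, and the sample names 'demo' and 'default.dxc' are assumptions.

```python
import re
import tempfile
from pathlib import Path

# ASSUMPTION (not from the page): files are pulled in with lines of the form
#   source "../ssld/default.dxc";   and '#' starts a comment.
SOURCE_RE = re.compile(r'^\s*source\s+"([^"]+)"\s*;', re.M)
# The page writes the setting as protocol = tlsv12 / protocol=tlsv12.
PROTOCOL_RE = re.compile(r'^[^#\n]*(?<![\w-])protocol\s*=\s*"?([\w.]+)', re.M)

def sourced_ssl_files(dxhome, dsaname):
    """Step 1: list the config/ssld files sourced by <dsaname>.dxi."""
    dxi = Path(dxhome) / "config" / "servers" / f"{dsaname}.dxi"
    refs = SOURCE_RE.findall(dxi.read_text())
    paths = [(dxi.parent / ref).resolve() for ref in refs]
    return [p for p in paths if p.parent.name == "ssld"]

def audit_dsa(dxhome, dsaname):
    """Step 2: map each sourced ssld file to (protocol values, pinned?)."""
    report = {}
    for path in sourced_ssl_files(dxhome, dsaname):
        text = path.read_text() if path.exists() else ""
        values = [v.lower() for v in PROTOCOL_RE.findall(text)]
        # Only a single, uncommented 'tlsv12' passes; missing, commented-out,
        # conflicting or other values are reported as not pinned.
        report[path.name] = (values, values == ["tlsv12"])
    return report

def build_sample(root, ssl_body):
    """Constructed sample tree (hypothetical DSA 'demo', file 'default.dxc')."""
    servers = Path(root) / "config" / "servers"
    ssld = Path(root) / "config" / "ssld"
    servers.mkdir(parents=True)
    ssld.mkdir(parents=True)
    (servers / "demo.dxi").write_text(
        '# constructed sample\nsource "../settings/default.dxc";\n'
        'source "../ssld/default.dxc";\n')
    (ssld / "default.dxc").write_text(ssl_body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        # Constructed case: the setting is present but commented out.
        build_sample(root, "set ssl = {\n  # protocol = tlsv12\n};\n")
        for name, (values, ok) in audit_dsa(root, "demo").items():
            print(name, values, "OK" if ok else "NOT pinned to tlsv12")
```

Against a real install, call audit_dsa with the actual DXHOME path and DSA name. Any file reported as not pinned is one the DSA sources without an effective protocol=tlsv12 line.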