How to disable specific TLS protocols in Applications Manager

book

Article ID: 107026

calendar_today

Updated On:

Products

CA Automic Applications Manager (AM)

Issue/Introduction

Disabling specific protocols forces client to server connections to use less vulnerable or only use a specific TLS protocol such as TLS 1.2.

How do I disable specific TLS protocols in Applications Manager for the Automation Engine(master), Remote Agent, and Java Web Clients

Environment

Release:
Component: APPMGR

Resolution

TLS protocols can be disabled by editing Java's java.security file and adding the TLS protocal that you want to disable to the below variable line. Please note this was tested and verified on Java 8.

Master's java.security:
jdk.tls.disabledAlgorithms=

Agent's java.security:
jdk.tls.disabledAlgorithms=

Client's java.security:
jdk.tls.disabledAlgorithms=

Example:
jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224