How to disable specific TLS protocols in Automic or Applications Manager

Article ID: 107026

Products

CA Automic Applications Manager (AM), CA Automic Workload Automation - Automation Engine

Issue/Introduction

Disabling specific protocols forces client-to-server connections to use a less vulnerable protocol, or to use only a specific TLS protocol such as TLS 1.2.

How do I disable specific TLS protocols for the Automation Engine (master), Remote Agent, and Java Web Clients?

Environment

TLS 1.2

 

Resolution

TLS protocols can be disabled by editing Java's java.security file and adding each TLS protocol that you want to disable to the jdk.tls.disabledAlgorithms property line shown below.

Please note this was tested and verified on Java 8:

Master's java.security:
jdk.tls.disabledAlgorithms=

Agent's java.security:
jdk.tls.disabledAlgorithms=

Client's java.security:
jdk.tls.disabledAlgorithms=

Example:
jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, MD5withRSA, DH keySize < 768, \
EC keySize < 224
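
The following check is an added example, not part of the original article or of the product: it reads a java.security file, joins the backslash continuation line used in the example above, and reports which of SSLv3, TLSv1 and TLSv1.1 are missing from jdk.tls.disabledAlgorithms. The function names and sample strings are assumptions made for illustration.

```python
import sys

PROP = "jdk.tls.disabledAlgorithms"
# Protocol versions disabled in the article's example line.
REQUIRED = ("SSLv3", "TLSv1", "TLSv1.1")

def read_property(text, name=PROP):
    """Return a property's value with '\\' continuation lines joined, or None.

    Simplified java.util.Properties parsing: '=' separator only, and the
    last uncommented definition wins.
    """
    value = None
    lines = iter(text.splitlines())
    for raw in lines:
        line = raw.strip()
        if not line or line[0] in "#!":
            continue  # blank line or comment; comments are never continued
        while line.endswith("\\"):
            line = line[:-1] + next(lines, "").strip()
        key, sep, val = line.partition("=")
        if sep and key.strip() == name:
            value = val.strip()
    return value

def missing_protocols(text, required=REQUIRED):
    """List required protocol names absent from the disabled list."""
    value = read_property(text)
    if value is None:
        return list(required)
    # Compare whole comma-separated entries: a substring search would
    # wrongly treat "TLSv1.1" as also covering "TLSv1".
    entries = {e.strip() for e in value.split(",")}
    return [p for p in required if p not in entries]

# Constructed sample inputs (not taken from a real installation).
ARTICLE_EXAMPLE = (
    "jdk.tls.disabledAlgorithms=TLSv1, TLSv1.1, SSLv3, RC4, MD5withRSA, "
    "DH keySize < 768, \\\n    EC keySize < 224\n"
)
INCOMPLETE = "jdk.tls.disabledAlgorithms=SSLv3, RC4, TLSv1.1\n"
COMMENTED_OUT = "#jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1\n"

if __name__ == "__main__":
    # Pass the java.security path of the Master, Agent and Client JVMs.
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            gaps = missing_protocols(fh.read())
        print(path, "OK" if not gaps else "not listed: " + ", ".join(gaps))
```

Run it against the java.security file of each Java installation used by the Master, Agent and Client, since each is edited separately.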

Additional Information

More information here