Security scans revealed Spectrum processes are not TLS version compliant.  How can Spectrum processes be configured to not use TLSv1 or TLSv1.1

CORBA communication is not configured for specific TLS version

Release:
Component: SPCCSS

This is resolved in CA Spectrum 10.3 and above.  To resolve this in 10.1.x and 10.2.x, edit the $SPECROOT/.corbarc and $SPECROOT/.jcorbarc and add the following entries to the "#Security related settings" section:


vbroker.security.client.socket.enabledProtocols=TLS_Version_1_2_Only
vbroker.security.server.socket.enabledProtocols=TLS_Version_1_2_Only

For example, it will look like this:

# Security related settings
#
vbroker.security.disable=false
vbroker.security.transport.protocol=TLSv1
vbroker.security.secureTransport=true
vbroker.security.server.transport=ALL
vbroker.security.alwaysSecure=false
vbroker.security.requireAuthentication=false
vbroker.security.peerAuthenticationMode=NONE
vbroker.security.client.socket.enabledProtocols=TLS_Version_1_2_Only
vbroker.security.server.socket.enabledProtocols=TLS_Version_1_2_Only

Once you have made the changes, restart the SpectroSERVER and processd.