- scattered documentation

Release : 9.2.0

Component : UIM - HUB

You need UIM v9.2.0 or higher to enable TLS 1.2 for hub <-> Robot communication:

CA Unified Infrastructure Management 9.2.0
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/release-notes/ca-uim-9-service-pack-1.html

See Release Comparison at:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/release-notes/release-comparison.html

and then refer to the section titled: Secure Hub and Robot

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/upgrading/ca-uim-upgrade-step-3-deploy-the-upgrade/upgrade-uim-server/secure-hub-and-robot-ca-uim-9-sp1.html


Hotfix site:
https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-unified-infrastructure-management-hotfix-index.html?r=2

Hotfixes that should be applied currently include:

hub-9.20HF6.zip
- or, hub_secure-9.20SHF6.zip for secure hubs

robot
robot_update-9.20HF9.zip
- or robot_update_secure-9.20SHF9.zip for secure robots

UMP902_HF2
- UMP 9.0.2 Hotfix 2

If you need to enable TLS for the tunnel configuration you can use the following which should also pass PCI as it is TLS1.2.

This works for hub version 7.93 or higher. 

1. In IM, open the hub GUI
2. Click on the Tunnels Tab
3. Make sure Server 'Active' is checked if this is the Tunnel Server
4. Under Security Settings click 'Custom'
5. Inside the Custom box utilize the following "AESGCM:!aNULL" 
6. Its recommended to recreate the SSL cert if one already existed.

At that point if you examine the hub.log on first start, and when the tunnels are initialized, you will see something to the effect of starting Tunnels with TLS Enabled.