You need UIM v9.2.0 or higher to enable TLS 1.2 for hub <-> Robot communication:
Unified Infrastructure Management 9.2.0
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/release-notes/ca-uim-9-service-pack-1.html
See Release Comparison at:
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/release-notes/release-comparison.html
and then refer to the section titled: Secure Hub and Robot
https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/it-operations-management/unified-infrastructure-management/9-0-2/upgrading/ca-uim-upgrade-step-3-deploy-the-upgrade/upgrade-uim-server/secure-hub-and-robot-ca-uim-9-sp1.html
Hotfix site:
https://techdocs.broadcom.com/us/product-content/recommended-reading/technical-document-index/ca-unified-infrastructure-management-hotfix-index.html?r=2
Hotfixes that should be applied currently include:
hub-9.20HF6.zip
- or, hub_secure-9.20SHF6.zip for secure hubs
robot
robot_update-9.20HF9.zip
- or robot_update_secure-9.20SHF9.zip for secure robots
UMP902_HF2
- UMP 9.0.2 Hotfix 2
If you need to enable TLS for the tunnel configuration you can use the following which should also pass PCI as it is TLS1.2.
This works for hub version 7.93 or higher.
At that point if you examine the hub.log on first start, and when the tunnels are initialized, you will see something to the effect of starting Tunnels with TLS Enabled.