Disable SSL and TLS protocols in Service Management

book

Article ID: 186155

calendar_today

Updated On:

Products

CA Service Management - Service Desk Manager CA Service Desk Manager - Unified Self Service CA Service Desk Manager

Issue/Introduction

How to disable SSL 2.0 and 3.0 and Use TLS 1.1 (with approved cipher suites) or higher instead.

Environment

Release : 17.0 and later

Component : CA Service Management

Resolution

The process involves modifying the server.xml file that Tomcat uses.  You will need to locate the server.xml in these locations:
 
Baseline Tomcat implementation: 
$NX_ROOT\bopcfg\www\CATALINA_BASE\conf 
 
Federated Search:
$NX_ROOT\bopcfg\www\CATALINA_BASE_FS\conf
 
REST Web Services:
$NX_ROOT\bopcfg\www\CATALINA_BASE_REST\conf
 
Support Automation:
$NX_ROOT\bopcfg\www\CATALINA_BASE_SA\conf
 
Visualizer:
$NX_ROOT\bopcfg\www\CATALINA_BASE_VIZ\conf
 
Using the server.xml defined in USS as an example:
 
1. Locate server.xml in Tomcat being used by USS (Liferay) and take a backup of the file. The path should be similar to: C:\Program Files\CA\Self Service\OSOP\tomcat-7.0.40\conf\server.xml

2. Locate the section to configure SSL searching for <Connector port="8443" protocol="HTTP/1.1" 

3.  Set the following in the connector:

sslProtocols="TLS" SSLEnabled="true" sslEnabledProtocols="TLSv1.1, TLSv1.2"

Example:




4. Save Changes

5. Restart Services.

Additional Information

How To Configure SSL for Tomcat With Unified Self Service (USS)?

 


Remediation Steps to Secure CA Service Desk Manager from POODLE Vulnerability (CVE-2014-3566)

https://knowledge.broadcom.com/external/article?articleId=29169

Attachments