Jarvis: TLSv1.0 is supported on port 8443

Article ID: 187629

Products

CA Virtual Privilege Manager, CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

A vulnerability scan has noted that TLSv1.0 is supported on port 8443.

How can this be restricted to TLSv1.2 only?

Environment

Release : 1.0

Component : PRIVILEGED IDENTITY MANAGEMENT DOCUMENTATION

Resolution

In the Tomcat server.xml, please find:
 
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="<path to keystore>" keystorePass="changeit" clientAuth="false" sslProtocol="TLS" />
 
Change:
 
sslProtocol="TLS" to sslProtocol="TLSv1.2"
 
And add:
 
sslEnabledProtocols="TLSv1.2"
 
So that it looks like:
 
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol" maxThreads="150" SSLEnabled="true" scheme="https" secure="true" keystoreFile="<path to keystore>" keystorePass="changeit" clientAuth="false" sslProtocol="TLSv1.2" sslEnabledProtocols="TLSv1.2" />
 
Then restart Tomcat for the change to take effect.
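To confirm the change was applied correctly (and to catch other SSL connectors in the same server.xml that still allow older versions), the following added example audits every <Connector> element; it is not part of the product or of Tomcat, and the embedded server.xml sample, keystore path and port 9443 are constructed for illustration.

```python
# Added example for this article (not the product's own tooling): audit the
# <Connector> elements of a Tomcat server.xml and flag any SSL-enabled
# connector that still allows legacy protocol versions.
import xml.etree.ElementTree as ET

LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

# Constructed sample: port 8443 as found before the fix (sslProtocol="TLS",
# no sslEnabledProtocols), port 9443 with the article's corrected settings.
SAMPLE_SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLS" />
  <Connector port="9443" protocol="org.apache.coyote.http11.Http11NioProtocol"
             SSLEnabled="true" scheme="https" secure="true"
             keystoreFile="conf/keystore" keystorePass="changeit"
             clientAuth="false" sslProtocol="TLSv1.2"
             sslEnabledProtocols="TLSv1.2" />
  <Connector port="8080" protocol="HTTP/1.1" />
</Service></Server>"""


def audit_connectors(server_xml):
    """Return {port: finding} for each SSL-enabled connector.

    Only sslEnabledProtocols actually limits the versions offered; when it is
    absent Tomcat uses the JVM's default enabled protocols, which on older
    JVMs include TLSv1.0, so sslProtocol="TLSv1.2" alone is not enough.
    """
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP connector, no TLS settings to check
        port = conn.get("port")
        enabled = conn.get("sslEnabledProtocols")
        if enabled is None:
            findings[port] = "sslEnabledProtocols missing (JVM defaults apply)"
            continue
        legacy = sorted(p.strip() for p in enabled.split(",") if p.strip() in LEGACY)
        findings[port] = "ok" if not legacy else "legacy protocols: " + ",".join(legacy)
    return findings


if __name__ == "__main__":
    for port, finding in sorted(audit_connectors(SAMPLE_SERVER_XML).items()):
        print(f"port {port}: {finding}")
```

Run it against the real conf/server.xml after the edit; every SSL-enabled connector should report "ok" before the scanner is re-run.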