A PCI DSS scan in our environment has detected some weaknesses in our environment.
How to prevent usage of weaker communication protocols?
Release : 14.1
Component : PAM SERVER CONTROL ENDPOINT WINDOWS
fips_only=1
This forces communication based on the LCA protocol, like policyfetcher - DH communication, to use TLSv1.2 over port 5249
Note, any setting for communication_mode in seos.ini is ignored if fips_only=1 is set.
Please see also our documentation
FIPS Compliance
crypto