How to prevent usage of TLS v1 or SSL in PIM

Article ID: 189071

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)
CA Privileged Identity Management Endpoint (PIM)

Issue/Introduction

A PCI DSS scan has detected some weaknesses in our environment.
How can the use of weaker communication protocols be prevented?

Environment

Release : 14.0

Component : PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

Set the following configuration token:

fips_only=1

This forces communication based on the LCA protocol, such as the communication between policyfetcher and the DH, to use TLSv1.2 over port 5249.

Note: any setting for communication_mode in seos.ini is ignored if fips_only=1 is set.
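To confirm the change before the next PCI DSS scan, the following added example (not Broadcom code) attempts one handshake per protocol version against port 5249 and reports whether only TLSv1.2 is accepted. It assumes the listener speaks TLS from the first byte of the connection; the function names and the host argument are hypothetical.

```python
import socket
import ssl
import warnings

# Versions to try; with fips_only=1 only TLSv1.2 should be accepted.
VERSIONS = {
    "TLSv1.0": ssl.TLSVersion.TLSv1,
    "TLSv1.1": ssl.TLSVersion.TLSv1_1,
    "TLSv1.2": ssl.TLSVersion.TLSv1_2,
}

def probe(host, port, version, timeout=5.0):
    """Attempt a single handshake pinned to exactly one protocol version."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # protocol check only, not a trust check
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.set_ciphers("ALL:@SECLEVEL=0")  # let the local client offer legacy versions
    except ssl.SSLError:
        pass                         # local library refuses; legacy results may be unreliable
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", DeprecationWarning)
        ctx.minimum_version = version
        ctx.maximum_version = version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"         # no TCP connection, so nothing was tested
    with raw:
        try:
            with ctx.wrap_socket(raw):
                return "accepted"
        except OSError:              # ssl.SSLError, reset and timeout all land here
            return "rejected"

def scan(host, port=5249):
    return {name: probe(host, port, ver) for name, ver in VERSIONS.items()}

def assess(results):
    """Compliant only if TLSv1.2 is accepted and every older version is refused."""
    if "unreachable" in results.values():
        return "inconclusive"
    legacy = [v for v, r in results.items() if v != "TLSv1.2" and r == "accepted"]
    if legacy:
        return "non-compliant: " + ", ".join(legacy)
    return "compliant" if results.get("TLSv1.2") == "accepted" else "inconclusive"

if __name__ == "__main__":
    import sys
    print(assess(scan(sys.argv[1])))
```

A "rejected" result for TLSv1.0 or TLSv1.1 is only meaningful if the local OpenSSL build can still offer those versions; SSLv3 and older cannot be tested with current Python builds.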

Additional Information

See also our documentation:

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/release-notes/fips-compliance.html

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager-server-control/14-1/reference/configuration-files/the-seos-ini-initialization-file/crypto.html