search cancel

PAMSC HOW TO DISABLE TLSv1.0 / TLSv1.1 ON PORT 8161

book

Article ID: 189649

calendar_today

Updated On:

Products

CA Privileged Access Manager (PAM) CA Privileged Access Manager - Cloakware Password Authority (PA) CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Port 8161 is used by ActiveMQ.

 

We are required by ISO to disable TLSv1.0 and 1.1.  Please advise on the procedure, just to disable TLS.

You can edit the C:\ActiveMQ\conf\jetty.xml and add the value below in that section. This will set it to only use tls 1.2

Let me know if you have any problems setting this

Joe Lutz

            <!-- HTTPS access to web console, protecting the login credentials -->
            <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
               <constructor-arg ref="Server" />
                <constructor-arg>
                  <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
                     <property name="keyStorePath" value="C:\ActiveMQ\conf\keystore.p12" />
                     <property name="keyStoreType" value="PKCS12" />
                     <property name="keyStorePassword" value="${keystorePassword}" />

                       <property name="IncludeProtocols" value="TLSv1.2" />

                  </bean>

Environment

Release : 14.0

Component : PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

Documented how to disable TLS 1.0 and 1.1 in Jetty

You can edit the C:\ActiveMQ\conf\jetty.xml and add the value below in that section. This will set it to only use tls 1.2

Let me know if you have any problems setting this

Joe Lutz

            <!-- HTTPS access to web console, protecting the login credentials -->
            <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
               <constructor-arg ref="Server" />
                <constructor-arg>
                  <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
                     <property name="keyStorePath" value="C:\ActiveMQ\conf\keystore.p12" />
                     <property name="keyStoreType" value="PKCS12" />
                     <property name="keyStorePassword" value="${keystorePassword}" />

                       <property name="IncludeProtocols" value="TLSv1.2" />

                  </bean>