PAMSC HOW TO DISABLE TLSv1.0 / TLSv1.1 ON PORT 8161

Article ID: 189649

Products

CA Privileged Access Manager (PAM)
CA Privileged Access Manager - Cloakware Password Authority (PA)
CA Privileged Access Manager - Server Control (PAMSC)

Issue/Introduction

Port 8161 is used by ActiveMQ.

We are required by ISO to disable TLSv1.0 and 1.1.  Please advise on the procedure, just to disable TLS.


Environment

Release: 14.0

Component: PAM SERVER CONTROL ENDPOINT WINDOWS

Resolution

Documented how to disable TLS 1.0 and 1.1 in Jetty

You can edit the C:\ActiveMQ\conf\jetty.xml and add the value below in that section. This will set it to only use TLS 1.2.

Let me know if you have any problems setting this.

Joe Lutz

            <!-- HTTPS access to web console, protecting the login credentials -->
            <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
                <constructor-arg ref="Server" />
                <constructor-arg>
                    <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
                        <property name="keyStorePath" value="C:\ActiveMQ\conf\keystore.p12" />
                        <property name="keyStoreType" value="PKCS12" />
                        <property name="keyStorePassword" value="${keystorePassword}" />

                        <!-- Added line: offer TLS 1.2 only, which turns off TLS 1.0 and 1.1 -->
                        <property name="IncludeProtocols" value="TLSv1.2" />

                    </bean>
                    <!-- The rest of the SecureConnector bean stays as it is in your jetty.xml -->
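
To confirm the edit took effect in the file before restarting ActiveMQ, the following added example (not part of the original article or the product) audits a jetty.xml for SslContextFactory beans that do not restrict IncludeProtocols to TLSv1.2. The function names and the embedded sample XML are constructed for illustration; on a real host, pass in the contents of C:\ActiveMQ\conf\jetty.xml.

```python
import xml.etree.ElementTree as ET

# Prefix match also covers nested variants such as SslContextFactory$Server.
SSL_FACTORY_PREFIX = "org.eclipse.jetty.util.ssl.SslContextFactory"
ALLOWED = {"TLSv1.2"}  # the article's requirement: TLS 1.2 only

# Constructed sample in the shape of the article's snippet (not a real config).
SAMPLE_JETTY_XML = """
<beans xmlns="http://www.springframework.org/schema/beans">
  <bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector">
    <constructor-arg>
      <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory">
        <property name="IncludeProtocols" value="TLSv1.2" />
      </bean>
    </constructor-arg>
  </bean>
</beans>
"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tags."""
    return tag.rsplit("}", 1)[-1]

def included_protocols(bean):
    """Return the bean's includeProtocols values as a set, or None if unset."""
    for prop in bean:
        if local(prop.tag) != "property" or prop.get("name", "").lower() != "includeprotocols":
            continue
        if prop.get("value") is not None:      # value="TLSv1.1,TLSv1.2" form
            raw = prop.get("value").split(",")
        else:                                  # <list><value>..</value></list> form
            raw = [e.text or "" for e in prop.iter() if local(e.tag) == "value"]
        return {v.strip() for v in raw if v.strip()}
    return None

def audit_jetty_xml(xml_text):
    """Return a list of findings; an empty list means TLSv1.2 only."""
    findings = []
    factories = [b for b in ET.fromstring(xml_text).iter() if local(b.tag) == "bean"
                 and b.get("class", "").startswith(SSL_FACTORY_PREFIX)]
    if not factories:
        findings.append("no SslContextFactory bean found")
    for bean in factories:
        protos = included_protocols(bean)
        name = bean.get("id", "<anonymous>")
        if protos is None:
            findings.append(f"{name}: IncludeProtocols not set, JVM defaults apply")
        elif protos != ALLOWED:
            findings.append(f"{name}: protocols {sorted(protos)}, expected TLSv1.2 only")
    return findings
```

This only checks the configuration file; a protocol scan of port 8161 after the restart confirms what the listener actually negotiates.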