Disable SSL Protocols for PAM Server and Agent connections

Article ID: 190445

Products

CA Process Automation Base

Issue/Introduction

TLS 1.0 was found to be a vulnerable protocol. How can its use be disabled in PAM?

Environment

Release : 4.3

Component : Process Automation

Resolution

Open c2osvcw.conf, located in /server/c2o/bin/ on your Process Automation server, and add the following line to the bottom of the file:

wrapper.java.additional.14=-Djdk.tls.client.protocols=TLSv1.1

Make sure the number is the next one in the existing sequence. For example:

wrapper.java.additional.10=xxxx
wrapper.java.additional.11=xxxx
wrapper.java.additional.12=xxxx
wrapper.java.additional.13=-Djdk.tls.client.protocols=TLSv1.1

The property has to state explicitly which TLS versions to allow: 1.1 or 1.2.

If multiple protocols are needed, enclose the list in quotes, as shown below.

-Djdk.tls.client.protocols="TLSv1.1,TLSv1.2"
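
One way to apply the steps above without miscounting the index, as an added example that is not from the original article or the vendor: a Python helper that reads the wrapper.java.additional.N lines, picks the next free number and appends the setting. The sample file content and the function names audit and add_tls_setting are assumptions made for this illustration.

```python
import re

# Constructed sample of the end of a c2osvcw.conf; "xxxx" stands for existing JVM options.
SAMPLE_CONF = """\
wrapper.java.additional.10=xxxx
wrapper.java.additional.11=xxxx
wrapper.java.additional.12=xxxx
# wrapper.java.additional.13=-Dcommented.out=true
"""

PROP = "-Djdk.tls.client.protocols="
ENTRY = re.compile(r"^\s*wrapper\.java\.additional\.(\d+)\s*=\s*(.*?)\s*$")

def audit(conf_text):
    """Return (entries, problems) for the active wrapper.java.additional.N lines."""
    entries, problems = {}, []
    for line in conf_text.splitlines():
        m = ENTRY.match(line)  # lines commented out with '#' do not match
        if not m:
            continue
        n, value = int(m.group(1)), m.group(2)
        if n in entries:
            problems.append(f"index {n} is used twice")
        entries[n] = value
    for n, value in entries.items():
        if value.startswith(PROP):
            protocols = value[len(PROP):].strip('"').split(",")
            if "TLSv1" in [p.strip() for p in protocols]:
                problems.append(f"index {n} still allows TLSv1")
    return entries, problems

def add_tls_setting(conf_text, protocols=("TLSv1.1", "TLSv1.2")):
    """Append the setting at the next free index; return the text unchanged if already set."""
    entries, _ = audit(conf_text)
    if any(v.startswith(PROP) for v in entries.values()):
        return conf_text
    next_index = max(entries, default=0) + 1
    value = ",".join(protocols)
    if len(protocols) > 1:
        value = f'"{value}"'  # quote a multi-protocol list, as the article shows
    if not conf_text.endswith("\n"):
        conf_text += "\n"
    return conf_text + f"wrapper.java.additional.{next_index}={PROP}{value}\n"

if __name__ == "__main__":
    print(add_tls_setting(SAMPLE_CONF), end="")
```

Run audit on the edited file before restarting the service: it reports duplicate indexes and any entry that still lists TLSv1.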