Auditing has found that our Automic Tomcat server is accepting TLS 1.0 traffic. We need to disable TLS 1.0 and TLS 1.1.
To find out which version of SSL/TLS AWI is using, first connect to AWI, then use the information on the following site to determine which version of TLS is being used:
https://security.stackexchange.com/questions/19096/how-to-determine-if-a-browser-is-using-an-ssl-or-tls-connection/169418
This is the default secure connector string in the Tomcat server.xml:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
keyAlias="server" keystoreFile="conf\prod.jks" keystorePass="secure2468"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" />
Release : 12.x
Component : AUTOMATION ENGINE
Here is an example of a string that forces the use of TLSv1.2:
<Connector port="8443" protocol="org.apache.coyote.http11.Http11Protocol"
keyAlias="server" keystoreFile="conf\prod.jks" keystorePass="secure2468"
maxThreads="150" SSLEnabled="true" scheme="https" secure="true"
clientAuth="false" sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
Once this is implemented, you need to recycle (restart) Tomcat.
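To confirm the change is present on every secure connector before recycling Tomcat, the check below parses server.xml and reports each SSL-enabled Connector whose sslEnabledProtocols is missing or still lists TLSv1 or TLSv1.1. It is an added example, not Automic or Tomcat code; the function name, the sample file, and ports 8080, 8444 and 8445 are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Protocol names treated as disallowed. The page requires TLS 1.0 and 1.1 off;
# the SSL entries are added on the assumption that they are unwanted as well.
WEAK = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample server.xml (keystore attributes omitted, extra ports hypothetical).
SAMPLE_SERVER_XML = r"""
<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" />
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             clientAuth="false" sslProtocol="TLS" />
  <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1, TLSv1.1, TLSv1.2" />
  <Connector port="8445" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1.2" />
</Service></Server>
"""

def audit_connectors(server_xml_text):
    """Return (port, status, detail) for each SSL-enabled Connector."""
    results = []
    for conn in ET.fromstring(server_xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # not a TLS connector, nothing to check
        port = conn.get("port", "?")
        raw = conn.get("sslEnabledProtocols", "")
        protos = [p.strip() for p in raw.split(",") if p.strip()]
        if not protos:
            # No explicit protocol list, as in the default connector on the page.
            results.append((port, "UNSET", "sslEnabledProtocols missing"))
            continue
        weak = [p for p in protos if p in WEAK]
        if weak:
            results.append((port, "WEAK", ",".join(weak)))
        else:
            results.append((port, "OK", ",".join(protos)))
    return results

if __name__ == "__main__":
    for port, status, detail in audit_connectors(SAMPLE_SERVER_XML):
        print(f"port {port}: {status} ({detail})")
```

Any connector reported as UNSET or WEAK still needs the sslEnabledProtocols="TLSv1.2" attribute shown above.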