How to configure an standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1
Article ID: 192052
Updated On:
Products
CA Infrastructure Management
CA Performance Management - Usage and Administration
DX NetOps
Issue/Introduction
How to configure an standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1
Environment
Release : 3.7
Component : IM Reporting / Admin / Configuration
Resolution
To configure a standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1
you can add TLSv1.1 to the excludeProtocols list as follows:
1) In the file:
/opt/IMDataAggregator/apache-karaf-2.4.3/etc/jetty.xml
Change:
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>TLSv1</Item>
<Item>SSLv3</Item>
<Item>SSLv2</Item>
<Item>SSLv2Hello</Item>
</Array>
</Set>
To:
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>TLSv1.1</Item>
<Item>TLSv1</Item>
<Item>SSLv3</Item>
<Item>SSLv2</Item>
<Item>SSLv2Hello</Item>
</Array>
</Set>
2) Restart the Data Aggregator;
systemctl stop dadaemon
systemctl start dadaemon
Note that this would need to be reconfigured if the HTTPS configuration is reconfigured.
you can add TLSv1.1 to the excludeProtocols list as follows:
1) In the file:
/opt/IMDataAggregator/apache-karaf-2.4.3/etc/jetty.xml
Change:
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>TLSv1</Item>
<Item>SSLv3</Item>
<Item>SSLv2</Item>
<Item>SSLv2Hello</Item>
</Array>
</Set>
To:
<Set name="excludeProtocols">
<Array type="java.lang.String">
<Item>TLSv1.1</Item>
<Item>TLSv1</Item>
<Item>SSLv3</Item>
<Item>SSLv2</Item>
<Item>SSLv2Hello</Item>
</Array>
</Set>
2) Restart the Data Aggregator;
systemctl stop dadaemon
systemctl start dadaemon
Note that this would need to be reconfigured if the HTTPS configuration is reconfigured.
Feedback
Yes
No
Powered by
