How to configure an standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1

book

Article ID: 192052

calendar_today

Updated On:

Products

CA Infrastructure Management CA Performance Management - Usage and Administration DX NetOps

Issue/Introduction

How to configure an standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1

Environment

Release : 3.7

Component : IM Reporting / Admin / Configuration

Resolution

To configure a standalone Data Aggregator configured for HTTPS to no longer accept TLSv1.1
you can add TLSv1.1 to the excludeProtocols list as follows:

1) In the file:

/opt/IMDataAggregator/apache-karaf-2.4.3/etc/jetty.xml

Change:

<Set name="excludeProtocols">
    <Array type="java.lang.String">
        <Item>TLSv1</Item>
        <Item>SSLv3</Item>
        <Item>SSLv2</Item>
        <Item>SSLv2Hello</Item>
    </Array>
</Set>

To:

<Set name="excludeProtocols">
    <Array type="java.lang.String">
        <Item>TLSv1.1</Item>
        <Item>TLSv1</Item>
        <Item>SSLv3</Item>
        <Item>SSLv2</Item>
        <Item>SSLv2Hello</Item>
    </Array>
</Set>

2) Restart the Data Aggregator;

systemctl stop dadaemon
systemctl start dadaemon

Note that this would need to be reconfigured if the HTTPS configuration is reconfigured.