IMPS has incorrect value for TLS in im_ps.conf


Article ID: 211035


Updated On:


CA Identity Manager


Background:  IM r14.3cp2  on vApp

Noted an error message in im_ps.log upon startup that stated :


[15:15:27.053857:C07676F7] line 10 (TLSEnableFipsMode)
Invalid TLS protocol version is choosen:TLSv1.1. So, TLSv1, TLSv1_1 and TLSv1_2 enabled by default


When we reviewed the IMPS data configuration file, we see that it was defined incorrectly.

# The "TLSProtocolMin" Specifies minimum SSL/TLS protocol version that will be negotiated.
# And applicable values for TLSProtocolMin parameter are TLSv1_2, TLSv1_1, TLSv1 and SSLv3. The default value is "TLSv1".
TLSProtocolMin  TLSv1.1



No Impact


Workaround:   Use imps service ID to correct this file and update to  TLSv1_2.


Release : 14.3

Component : IdentityMinder(Identity Manager)


When I try to cat the data directory this is what I see:

My min is TLSv1 not even TLSv1.1

this is 14.3 CP2, So we have to follow the doc to set this properly.


This is what my out of the box 14.4 shows:


Two possible solutions for this is to upgrade to 14.4, or follow the document below: