IMPS has incorrect value for TLS in im_ps.conf


Article ID: 211035

Products

CA Identity Manager

Issue/Introduction

Background: IM r14.3cp2 on vApp

Noted an error message in im_ps.log upon startup that stated:

 

[15:15:27.053857:C07676F7] line 10 (TLSEnableFipsMode)
Invalid TLS protocol version is choosen:TLSv1.1. So, TLSv1, TLSv1_1 and TLSv1_2 enabled by default

 

When we reviewed the IMPS data configuration file, we saw that it was defined incorrectly.

# The "TLSProtocolMin" Specifies minimum SSL/TLS protocol version that will be negotiated.
# And applicable values for TLSProtocolMin parameter are TLSv1_2, TLSv1_1, TLSv1 and SSLv3. The default value is "TLSv1".
TLSProtocolMin  TLSv1.1

 

 

No Impact

 

Workaround: Use the imps service ID to correct this file and update the value to TLSv1_2.
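A check for the misconfiguration described above, as an added example that is not Broadcom's code: it flags any TLSProtocolMin value that is not one of the four spellings listed in the file's own comment. It assumes directives are whitespace-separated and case-sensitive as shown in the article; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit TLSProtocolMin directives in an im_ps.conf-style file.
# Prints "<line>:<value>:<verdict>" for each uncommented directive:
#   ok      - TLSv1_2, the value the workaround sets
#   weak    - accepted spelling (TLSv1_1, TLSv1, SSLv3) but below TLSv1_2
#             (treating these as findings is this example's assumption)
#   invalid - not an accepted spelling, e.g. TLSv1.1; per the logged message
#             the server then enables TLSv1, TLSv1_1 and TLSv1_2
#   unset   - no directive present; the file's comment gives TLSv1 as default
# Exit status is 0 only when every directive found is "ok".
audit_tls_min() {
    awk '
        $1 == "TLSProtocolMin" {
            seen = 1
            v = $2
            sub(/\r$/, "", v)   # tolerate CRLF line endings
            if (v == "TLSv1_2") verdict = "ok"
            else if (v == "TLSv1_1" || v == "TLSv1" || v == "SSLv3") verdict = "weak"
            else verdict = "invalid"
            if (verdict != "ok") bad = 1
            printf "%d:%s:%s\n", NR, v, verdict
        }
        END {
            if (!seen) { print "0::unset"; exit 1 }
            exit bad + 0
        }
    ' "$1"
}

# Constructed sample: the comment and directive quoted in the article.
demo_sample() {
    tmp=$(mktemp) || return 2
    printf '%s\n' \
        '# The default value is "TLSv1".' \
        'TLSProtocolMin  TLSv1.1' > "$tmp"
    audit_tls_min "$tmp"
    rc=$?
    rm -f "$tmp"
    return "$rc"
}

# With a file argument audit that file; otherwise run the constructed sample.
if [ "$#" -gt 0 ]; then
    audit_tls_min "$1"
else
    demo_sample || :
fi
```

Run it against im_ps.conf before restarting the service; a non-zero exit status means at least one directive needs correcting.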

Environment

Release : 14.3

Component : IdentityMinder(Identity Manager)

Resolution

When I try to cat the data directory this is what I see:

My min is TLSv1, not even TLSv1.1.

This is 14.3 CP2, so we have to follow the doc to set this properly.

 

This is what my out of the box 14.4 shows:

 

Two possible solutions are to upgrade to 14.4 or to follow the document below:

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/directory/14-1/reference/commands-reference/set-ssl-command-configure-ssl.html