
Symantec Identity Manager - Invalid TLS protocol version is choosen:TLSv1.1.


Article ID: 211035


Products

CA Identity Manager, CA Identity Suite

Issue/Introduction

After applying the TLS 1.2 remediation, im_ps.log shows the following error:

Invalid TLS protocol version is choosen:TLSv1.1. So, TLSv1, TLSv1_1 and TLSv1_2 enabled by default

This will sometimes cause the IMPS to reject communication between itself and IM.

Environment

Release : 14.X

Component : IdentityMinder(Identity Manager)

Resolution

There are two causes of this issue.

1) Review the im_ps.conf file located under ProvisioningServer/data.

Search for TLSProtocolMin

Change:
TLSProtocolMin  "TLSv1.1"
To:
TLSProtocolMin  "TLSv1_2"

2) Depending on how im_ps.conf was modified, the file is sometimes not read correctly.

Even with the proper declaration, try changing "TLSv1_2" to "TLSv1_1" and then back to "TLSv1_2" (for VAPP, make sure you use the imps user: 'su - imps').
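
A read-only check of the setting from step 1, added here as an example and not part of the original article or the product. Per the logged message, a value the server does not recognize leaves TLSv1, TLSv1_1 and TLSv1_2 all enabled, so the script reports anything other than the three names in that message as invalid. The function name `check_tls_min`, its return codes, and the assumptions that the value is written in straight double quotes and that only one TLSProtocolMin line matters are this example's own.

```shell
#!/bin/sh
# Added example: audit the TLSProtocolMin line of an im_ps.conf-style file.
# Accepted names (TLSv1, TLSv1_1, TLSv1_2) come from the im_ps.log message.

# check_tls_min FILE
#   returns 0  minimum is TLSv1_2
#           1  valid name, but weaker than TLSv1_2
#           2  no TLSProtocolMin line found
#           3  value is not one of the accepted names
check_tls_min() {
    conf=$1
    # Lines that begin with the keyword; if several exist, inspect the last
    # one (assumption: the file normally carries a single such line).
    line=$(grep -E '^[[:space:]]*TLSProtocolMin[[:space:]]' "$conf" 2>/dev/null | tail -n 1) || true
    if [ -z "$line" ]; then
        echo "MISSING: no TLSProtocolMin line in $conf"
        return 2
    fi
    # Keep only the text after the keyword, trimmed of surrounding whitespace.
    value=$(printf '%s\n' "$line" |
        sed -E 's/^[[:space:]]*TLSProtocolMin[[:space:]]+//; s/[[:space:]]+$//')
    case $value in
        '"TLSv1_2"')
            echo "OK: minimum is TLSv1_2"
            return 0 ;;
        '"TLSv1"'|'"TLSv1_1"')
            echo "WEAK: minimum is $value, below TLSv1_2"
            return 1 ;;
        *)
            # Covers "TLSv1.1" (dot instead of underscore) and values typed
            # with typographic quotes, which differ byte-for-byte.
            echo "INVALID: $value is not one of TLSv1, TLSv1_1, TLSv1_2"
            return 3 ;;
    esac
}

# Constructed sample input: the misconfigured line shown in step 1.
sample=$(mktemp)
printf 'TLSProtocolMin  "TLSv1.1"\n' > "$sample"
check_tls_min "$sample" || true
rm -f "$sample"
```

Run it as the account that owns the file (the imps user on VAPP) against the real im_ps.conf under ProvisioningServer/data; it only reads the file.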