ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Identity Manager - Invalid TLS protocol version is choosen:TLSv1.1.


Article ID: 211035


Updated On:


CA Identity Manager CA Identity Suite


After applying TLS 1.2 Remediation the im_ps.log is throwing the below error:

Invalid TLS protocol version is choosen:TLSv1.1. So, TLSv1, TLSv1_1 and TLSv1_2 enabled by default

This will sometimes cause the IMPS to reject communication between itself and IM.


Release : 14.X

Component : IdentityMinder(Identity Manager)


There are two causes to this issue.

1) Upon reviewing the im_ps.conf file located under ProvisioningServer/data

Search for TLSProtocolMin

TLSProtocolMin  "TLSv1.1"
TLSProtocolMin “TLSv1_2”

2) Depending on how you modified the im_ps.conf sometimes the file isn't read correctly. 

Even with the proper declaration, try to change “TLSv1_2” to “TLSv1_1” and then back to “TLSv1_2” (For VAPP make sure you use the imps user 'su - imps')