Support for TLS 1.3 on the Siteminder AdminUI


Article ID: 280291


Updated On:

Products

SITEMINDER

Issue/Introduction

The Siteminder AdminUI only seems to work with TLS 1.1 and TLS 1.2.  

Environment

[Siteminder]

COMPONENT: Administrative UI

OS: ANY

Cause

The 'standalone-full.xml' file indicates that the Siteminder r12.8.8 AdminUI is running on JBOSS Wildfly 17.0:

<?xml version="1.0" encoding="UTF-8"?><server xmlns="urn:jboss:domain:17.0">

Support for TLS 1.3 was introduced in JBOSS Wildfly 18.0, with the prerequisite that JDK 11 be used.

JBOSS Wildfly 17.0 is bundled with JDK 1.8.0_322-b06.

Resolution

Siteminder r12.8.8 and lower cannot support TLSv1.3 connections between the web browser and the AdminUI. You are currently limited to TLSv1.1 and TLSv1.2, and to the cipher suites within those protocols.

=================

[Standalone-full.xml]

<server name="default-server">
                <http-listener enable-http2="true" name="default" no-request-timeout="120000" redirect-socket="https" socket-binding="http"/>
                <https-listener enable-http2="true" enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.1,TLSv1.2" name="https" no-request-timeout="120000" security-realm="SSLRealm" socket-binding="https"/>

=================
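
An added example, not part of the original article or the vendor's code: a Python check that reads the https-listener elements from standalone-full.xml content and reports the enabled protocols and cipher suites worth reviewing. The function name audit_https_listeners is hypothetical, and the embedded sample is constructed from the listener shown above with a placeholder namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the article's https-listener inside a namespaced subsystem
# element. The namespace URI is a placeholder, not the real Undertow one.
SAMPLE = """<subsystem xmlns="urn:example:undertow">
 <server name="default-server">
  <https-listener enable-http2="true" enabled-cipher-suites="SSL_RSA_WITH_RC4_128_MD5,SSL_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_RSA_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_DHE_RSA_WITH_AES_256_CBC_SHA" enabled-protocols="TLSv1.1,TLSv1.2" name="https" no-request-timeout="120000" security-realm="SSLRealm" socket-binding="https"/>
 </server>
</subsystem>"""

# Name tokens that mark a suite for review, with the reason reported.
REVIEW_TOKENS = {
    "RC4": "RC4 is prohibited in TLS by RFC 7465",
    "3DES": "3DES is a 64-bit block cipher",
    "MD5": "MD5-based MAC",
}
DEPRECATED_PROTOCOLS = {"SSLv3", "TLSv1", "TLSv1.1"}  # RFC 7568, RFC 8996


def split_csv(value):
    return [item.strip() for item in (value or "").split(",") if item.strip()]


def audit_https_listeners(xml_text):
    """Return (listener, item, reason) tuples for settings that need review."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        # Real files namespace these elements, so compare the local name only.
        if el.tag.rsplit("}", 1)[-1] != "https-listener":
            continue
        name = el.get("name", "?")
        for proto in split_csv(el.get("enabled-protocols")):
            if proto in DEPRECATED_PROTOCOLS:
                findings.append((name, proto, "deprecated protocol version"))
            elif proto == "TLSv1.3":
                findings.append((name, proto, "not available on r12.8.8 and lower, per the article"))
        for suite in split_csv(el.get("enabled-cipher-suites")):
            tokens = suite.split("_")
            for token, reason in REVIEW_TOKENS.items():
                if token in tokens:
                    findings.append((name, suite, reason))
    return findings


if __name__ == "__main__":
    for listener, item, reason in audit_https_listeners(SAMPLE):
        print(f"{listener}: {item}: {reason}")
```

To audit a real installation, pass the text of standalone-full.xml to the function instead of SAMPLE.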

NOTE: TLSv1.3 is supported between the Policy Server and the back-end data stores (e.g. Policy Store, Session Store, Audit Store, User Store). Connections from the AdminUI and Web Agents to the Policy Server use key-based encryption (ETPKI) and either FIPS or non-FIPS compliant ciphers.