Verifying and hardening TLS Protocol versions in Aria Automation and vIDM

Article ID: 434621

Products

VCF Automation

Issue/Introduction

Verify that TLS 1.0 and 1.1 have been deactivated across all Aria Automation and vIDM appliances.

Environment

Aria Automation 8.18.x

vIDM 3.3.7

Resolution

  • To verify which protocols are active, execute the following commands from a remote terminal:

    • openssl s_client -connect [Appliance-IP]:443 -tls1

    • openssl s_client -connect [Appliance-IP]:443 -tls1_1

    • openssl s_client -connect [Appliance-IP]:443 -tls1_2

    • openssl s_client -connect [Appliance-IP]:443 -tls1_3

  • Success: A returned certificate means the protocol is ENABLED.

  • Failure: An error message (e.g., error:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version, or wrong version number) means the protocol is DISABLED.

Note: TLS 1.0 and 1.1 are already disabled on Aria Automation and VMware Identity Manager (vIDM) appliances. For continued security:

  1. Verify vIDM is restricted to TLS 1.2.

  2. Verify Aria Automation supports TLS 1.2 and 1.3.

  3. Apply the latest security patches found in CSP-102547 Patch Instructions for VMware Identity Manager 3.3.7 and VMware Aria Suite Lifecycle 8.18.0 Patch 6 and 7 to ensure the latest cipher suites and security fixes are implemented.
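
The verification commands and the expected protocol states above, combined into one script; this is an added example, not part of the original article. The function names and the `vidm`/`aria` labels are hypothetical, and the `INCONCLUSIVE` result goes beyond the article's two outcomes to flag runs where the local openssl client or the network path prevented the handshake from being attempted.

```shell
#!/bin/sh
# Added example, not from the KB article. Function names and the product
# labels "vidm" and "aria" are hypothetical.

# Classify captured `openssl s_client` output read from stdin.
classify_output() {
  out=$(cat)
  case "$out" in
    # A returned certificate means the protocol is enabled (the article's rule).
    *'-----BEGIN CERTIFICATE-----'*) echo ENABLED ;;
    # Assumed client-side messages: the local openssl build or network path
    # prevented the handshake, so nothing is learned about the appliance.
    *'no protocols available'*|*[Uu]'nknown option'*|*'connect:errno'*)
      echo INCONCLUSIVE ;;
    # Any other error (protocol alert, wrong version number): disabled.
    *) echo DISABLED ;;
  esac
}

# probe <host> <flag>: run one of the article's commands and classify it.
probe() {
  openssl s_client -connect "$1:443" "$2" </dev/null 2>&1 | classify_output
}

# expected_state <product> <flag>: vIDM restricted to TLS 1.2;
# Aria Automation supports TLS 1.2 and 1.3; TLS 1.0 and 1.1 disabled on both.
expected_state() {
  case "$1:$2" in
    vidm:-tls1_2|aria:-tls1_2|aria:-tls1_3) echo ENABLED ;;
    *) echo DISABLED ;;
  esac
}

# audit <product> <host>: print one line per protocol; non-zero on any mismatch.
audit() (
  rc=0
  for flag in -tls1 -tls1_1 -tls1_2 -tls1_3; do
    got=$(probe "$2" "$flag")
    want=$(expected_state "$1" "$flag")
    [ "$got" = "$want" ] || rc=1
    printf '%s %s %s got=%s want=%s\n' "$1" "$2" "$flag" "$got" "$want"
  done
  [ "$rc" -eq 0 ]
)

# Usage: sh tls-audit.sh vidm [Appliance-IP]
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

An `INCONCLUSIVE` line counts as a mismatch, so rerun that probe from a host whose openssl build can still negotiate the protocol being tested.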