How to enable TLS 1.2 in Access Gateway

Products

CA Single Sign On Secure Proxy Server (SiteMinder)
CA Single Sign On SOA Security Manager (SiteMinder)
CA Single Sign-On

Issue/Introduction

Use case:
Access Gateway needs to use TLS 1.2 when connecting to its backend servers.


Environment

R12.52, 12.6, 12.7 and 12.8

Resolution

For the communications between Access Gateway and the backend web servers, the server.conf file (in <SPS Home>/proxy-engine/conf) needs to be updated:

versions="TLSv1, TLSv1.1, TLSv1.2" 

The sample line above enables exactly these three TLS versions and no other protocols or versions. Delete from this line any TLS version you do not want to enable. SSL versions such as SSLv3 can be added as well, but most customers have abandoned SSL in favor of TLS only.

For the communications between users' browsers and the SPS Apache server, edit the SSLProtocol directive in <SPS Home>/httpd/extra/httpd-ssl.conf:

Syntax: SSLProtocol [+|-]protocol

Examples:

To enable all protocols except SSLv2, SSLv3 and TLSv1.0
> SSLProtocol All -SSLv2 -SSLv3 -TLSv1 

To exclude all protocols and enable only TLSv1.2
> SSLProtocol -All +TLSv1.2
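To confirm that an edit to either file actually leaves only TLS 1.2 enabled, the following added example (not part of this article or the product) evaluates an SSLProtocol directive token by token, the way Apache applies +/- prefixes left to right, parses the server.conf versions="..." attribute, and reports any enabled protocol below TLS 1.2. It assumes that "All" expands to the five protocol names listed in ALL_PROTOCOLS (the article's own example subtracts SSLv2 from All); newer Apache builds omit SSLv2 from All.

```python
import re

# Protocol names in ascending order. Assumption: "All" expands to every
# name here, matching the article's "All -SSLv2 -SSLv3 -TLSv1" example.
ALL_PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"]
TARGET = {"TLSv1.2"}  # the article's goal: TLS 1.2 only


def effective_ssl_protocols(directive):
    """Evaluate an httpd-ssl.conf 'SSLProtocol [+|-]protocol ...' line.

    Tokens are applied left to right: '+name' or a bare name enables it,
    '-name' disables it, and 'All' stands for every protocol in ALL_PROTOCOLS.
    Returns the enabled protocols in ascending order."""
    tokens = directive.strip().split()
    if not tokens or tokens[0].lower() != "sslprotocol":
        raise ValueError("not an SSLProtocol directive: %r" % directive)
    enabled = set()
    for tok in tokens[1:]:
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("+", tok)
        names = ALL_PROTOCOLS if name.lower() == "all" else [name]
        for n in names:
            if n not in ALL_PROTOCOLS:
                raise ValueError("unknown protocol %r in %r" % (n, directive))
            (enabled.add if sign == "+" else enabled.discard)(n)
    return sorted(enabled, key=ALL_PROTOCOLS.index)


def proxy_engine_versions(line):
    """Parse the server.conf 'versions="TLSv1, TLSv1.1, TLSv1.2"' attribute."""
    m = re.search(r'versions\s*=\s*"([^"]*)"', line)
    if not m:
        raise ValueError('no versions="..." attribute in %r' % line)
    return [v.strip() for v in m.group(1).split(",") if v.strip()]


def weak_protocols(enabled):
    """Return the enabled protocols that fall below the TLS 1.2 target."""
    return [p for p in enabled if p not in TARGET]


if __name__ == "__main__":
    # Constructed sample lines modelled on the article's own examples.
    for line in ['versions="TLSv1, TLSv1.1, TLSv1.2"', 'versions="TLSv1.2"']:
        print(line, "->", weak_protocols(proxy_engine_versions(line)) or "ok")
    for d in ["SSLProtocol All -SSLv2 -SSLv3 -TLSv1", "SSLProtocol -All +TLSv1.2"]:
        print(d, "->", weak_protocols(effective_ssl_protocols(d)) or "ok")
```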

Additional Information

To manage the ciphers offered, update the SSLCipherSuite directive.