TLS settings and options
Disable TLSv1 and 1.1
Applications Manager supports TLSv1, TLSv1.1 and TLS v1.2 by default. However, all major browsers have deprecated TLSv1 and TLSv1.1
in their latest versions.
If your browser does not support TLSv1.2, upgrade it and then follow the below steps.
Steps to disable TLSv1 and TLSv1.1 in Applications Manager :
- v15250 or above:
Can be done directly from Applications Manager web console by enabling the below option:
Disable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Product Settings -> Security Settings.
- v14680 to v15240:
Can be done directly from Applications Manager web console by disabling below option
Enable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Global Settings.
- v14670 and below:
Follow the steps given below :
- Open server.xml file located under <Applications Manager Home>/working/apache/tomcat/conf/backup/ directory with a text editor.
- Search for the key sslEnabledProtocols and change its value to TLSv1.2 and save the file.
i.e : sslEnabledProtocols="TLSv1.2"
- Restart Applications Manager for the changes to take effect.
Now, HTTPS communication of Applications Manager will be done only through TLSv1.2 protocol.
- If you are manually editing a file, always take a backup of that file and use it to replace it back in case of any issues.
- Disabling HTTP port is preferred compared to redirecting HTTP traffic to HTTPS.
- Check supported TLS protocols and ciphers using nmap in command terminal.
nmap --script ssl-enum-ciphers -p [https-port] [hostname/ip-address]
- Currently, TLSv1.3 is not supported in Applications Manager.