Disable TLSv1 and 1.1

Disable TLSv1 and 1.1

TLS settings and options

Disable TLSv1 and 1.1

Applications Manager supports TLSv1, TLSv1.1, TLS v1.2 and TLSv1.3 by default. However, all major browsers have deprecated TLSv1 and TLSv1.1 in their latest versions.
If your browser does not support TLSv1.2/TLSv1.3, upgrade it and then follow the below steps.
Steps to disable TLSv1 and TLSv1.1 in Applications Manager :
  1. v15250 or above:
    Can be done directly from Applications Manager web console by enabling the below option:
    Disable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Product Settings -> Security Settings.
  2. v14680 to v15240:
    Can be done directly from Applications Manager web console by disabling below option
    Enable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Global Settings.
  3. v14670 and below:
    Follow the steps given below :
    1. Open server.xml file located under <Applications Manager Home>/working/apache/tomcat/conf/backup/ directory with a text editor.
    2. Search for the key sslEnabledProtocols and change its value to TLSv1.2 and save the file.
      i.e : sslEnabledProtocols="TLSv1.2" 
  4. Restart Applications Manager for the changes to take effect. 
Now, HTTPS communication of Applications Manager will be done only through TLSv1.2/TLSv1.3 protocol.

General notes 

  1. If you are manually editing a file, always take a backup of that file and use it to replace it back in case of any issues.
  2. Disabling HTTP port is preferred compared to redirecting HTTP traffic to HTTPS.
  3. Check supported TLS protocols and ciphers using nmap in command terminal.
    nmap --script ssl-enum-ciphers -p [https-port] [hostname/ip-address]
  4. TLSv1.3 is now supported in Applications Manager from v16430.

Feel free to contact appmanager-support@manageengine.com in case of further questions.


                  New to ADSelfService Plus?

                    • Related Articles

                    • Disable HTTP access in Applications Manager

                      Overview This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP  -> http://[hostname/ip-address]:[http-port] ...
                    • How to enable and disable distributed tracing in PHP applications?

                      To enable distributed tracing, set the "zpa.capture distributed trace" directive to "1" in the zpa.ini (Linux) or php.ini (Windows). Similarly, to disable, set to "0." To enable distributed tracing: In the zpa.ini (Linux) or php.ini (Windows), ...
                    • How to enable or disable exception tracking in the PHP agent?

                      To enable exception tracking, set the zpa.track_exceptions directive to 1 in the zpa.ini (Linux) or php.ini (Windows). Similarly, to disable it, set it to 0. To enable error tracking: zpa.track_exceptions = 1 To disable error tracking: ...
                    • How to enable or disable thread profiling in the Java agent?

                      The APM Insight Java agent v6.0 is designed to enable thread profiling by default and runs every eight hours (since JVM start) for five minutes to identify and instrument the slow methods in your application. You can also disable thread profiling by ...
                    • How to enable or disable error tracking in the PHP agent?

                      To enable error tracking, set the zpa.track_errors directive to 1 in the zpa.ini (Linux) or php.ini (Windows) file. Similarly, to disable, set it to 0. To enable error tracking: zpa.track_errors = 1 To disable error tracking: zpa.track_errors = 0 To ...