Disable TLSv1 and 1.1

Disable TLSv1 and 1.1

TLS settings and options

Disable TLSv1 and 1.1

Applications Manager supports TLSv1, TLSv1.1 and TLS v1.2 by default. However, all major browsers have deprecated TLSv1 and TLSv1.1 in their latest versions.
If your browser does not support TLSv1.2, upgrade it and then follow the below steps.
Steps to disable TLSv1 and TLSv1.1 in Applications Manager :
  1. v15250 or above:
    Can be done directly from Applications Manager web console by enabling the below option:
    Disable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Product Settings -> Security Settings.
  2. v14680 to v15240:
    Can be done directly from Applications Manager web console by disabling below option
    Enable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Global Settings.
  3. v14670 and below:
    Follow the steps given below :
    1. Open server.xml file located under <Applications Manager Home>/working/apache/tomcat/conf/backup/ directory with a text editor.
    2. Search for the key sslEnabledProtocols and change its value to TLSv1.2 and save the file.
      i.e : sslEnabledProtocols="TLSv1.2" 
  4. Restart Applications Manager for the changes to take effect. 
Now, HTTPS communication of Applications Manager will be done only through TLSv1.2 protocol.

General notes 

  1. If you are manually editing a file, always take a backup of that file and use it to replace it back in case of any issues.
  2. Disabling HTTP port is preferred compared to redirecting HTTP traffic to HTTPS.
  3. Check supported TLS protocols and ciphers using nmap in command terminal.
    nmap --script ssl-enum-ciphers -p [https-port] [hostname/ip-address]
  4. Currently, TLSv1.3 is not supported in Applications Manager.

Feel free to contact appmanager-support@manageengine.com in case of further questions.


      • Related Articles

      • Disable HTTP access in Applications Manager

        Overview This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP  -> http://[hostname/ip-address]:[http-port] ...
      • Can I disable instrumentation of third party packages?

              Yes, you can exclude specific classes, methods or application packages from being instrumented by the Java agent.       To exclude packages from being instrumented, implement the following steps: Add the below key in apminsight.conf file     ...
      • Azure Kubernetes Service(AKS) Troubleshooting FAQs

        Azure Kubernetes Service(AKS) monitor can be configured only if you have already added a Microsoft Azure monitor in Applications Manager. Ensure that you have met all the prerequisites for the Microsoft Azure monitor before monitoring Azure ...
      • Hide Server Banner and Product Info from HTTP Header

        A server banner may display information about the underlying hosting environment. Usually in Applications Manager, the information that can be exposed is the product name: Server: AppManager For security purposes, it may be desirable to disable the ...
      • Data is not being populated in the monitor, but is visible when the script is executed in the Powershell Window

        Problem: Data is not being populated in the monitor, but is visible when the script is executed in the Powershell Window. Solution: The problem could be due to the any of the following: 1) Verify if AppManager service has permission to run the ...