Disable TLSv1 and 1.1

Disable TLSv1 and 1.1

TLS settings and options

Disable TLSv1 and 1.1

Applications Manager supports TLSv1, TLSv1.1 and TLS v1.2 by default. However, all major browsers have deprecated TLSv1 and TLSv1.1 in their latest versions.
If your browser does not support TLSv1.2, upgrade it and then follow the below steps.
Steps to disable TLSv1 and TLSv1.1 in Applications Manager :
  1. v15250 or above:
    Can be done directly from Applications Manager web console by enabling the below option:
    Disable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Product Settings -> Security Settings.
  2. v14680 to v15240:
    Can be done directly from Applications Manager web console by disabling below option
    Enable TLSv1 and TLSv1.1 protocols for HTTPS port under Admin -> Global Settings.
  3. v14670 and below:
    Follow the steps given below :
    1. Open server.xml file located under <Applications Manager Home>/working/apache/tomcat/conf/backup/ directory with a text editor.
    2. Search for the key sslEnabledProtocols and change its value to TLSv1.2 and save the file.
      i.e : sslEnabledProtocols="TLSv1.2" 
  4. Restart Applications Manager for the changes to take effect. 
Now, HTTPS communication of Applications Manager will be done only through TLSv1.2 protocol.

General notes 

  1. If you are manually editing a file, always take a backup of that file and use it to replace it back in case of any issues.
  2. Disabling HTTP port is preferred compared to redirecting HTTP traffic to HTTPS.
  3. Check supported TLS protocols and ciphers using nmap in command terminal.
    nmap --script ssl-enum-ciphers -p [https-port] [hostname/ip-address]
  4. Currently, TLSv1.3 is not supported in Applications Manager.

Feel free to contact appmanager-support@manageengine.com in case of further questions.

      New to ADManager Plus?

        New to ADSelfService Plus?

          • Related Articles

          • Disable HTTP access in Applications Manager

            Overview This article describes configuring a secure connection between Applications Manager server and the browser/client. Applications Manager can be accessed through any of the following URLs: For HTTP  -> http://[hostname/ip-address]:[http-port] ...
          • How to enable and disable distributed tracing in PHP applications?

            To enable distributed tracing, set the "zpa.capture distributed trace" directive to "1" in the zpa.ini (Linux) or php.ini (Windows). Similarly, to disable, set to "0." To enable distributed tracing: In the zpa.ini (Linux) or php.ini (Windows), ...
          • Can I disable instrumentation of third party packages?

            Yes, you can exclude specific classes, methods or application packages from being instrumented by the Java agent. To exclude packages from being instrumented, implement the following steps: Add the below key in apminsight.conf file ...
          • Azure Kubernetes Service(AKS) Troubleshooting FAQs

            Azure Kubernetes Service(AKS) monitor can be configured only if you have already added a Microsoft Azure monitor in Applications Manager. Ensure that you have met all the prerequisites for the Microsoft Azure monitor before monitoring Azure ...
          • Enable TLS 1.2 alone in the EUM Agent

            Follow the below steps to enable TLS1.2 alone (disable TLS 1 & 1.1) Open the file server.xml present under EUMAgent\conf\backup folder. Search for the term 'SSLEnabled="true" '. Add the parameter 'sslEnabledProtocols="TLSv1.2" ' to the end of that ...