Disabling TLSv1/TLSv1.1 in AIS
Connections over TLSv1, TLSv1.1 and TLSv1.2 are enabled by default, and no extra configuration is required. To exclude protocols, set the “excludeProtocols” function under the “sslContextFactory” section of the jetty.xml file. Adding TLSv1 and TLSv1.1 to this exclude list makes the server refuse connections over TLSv1 and TLSv1.1.
Follow the steps below to disable the protocols:
Step 1: Open the jetty.xml file from the location AdeptiaServer\ServerKernel\etc\jetty.
Step 2: Search for the excludeProtocols function.
Step 3: Enter each protocol name between the item tags, as shown in the image below.
Disabling TLSv1/TLSv1.1 in Connect
To disable TLSv1 and TLSv1.1 in Tomcat (Connect UI), define the sslEnabledProtocols attribute in the server.xml file, for example sslEnabledProtocols="TLSv1.1+TLSv1.2". Tomcat then disables every protocol that is not listed, so this example value leaves only TLSv1.1 and TLSv1.2 enabled. To turn off TLSv1.1 as well, list only TLSv1.2, as in Step 3 below.
Follow the steps below to disable the protocols (i.e. TLSv1/TLSv1.1) on Tomcat 9.0 (Connect UI):
Step 1: Stop Tomcat services and traverse to the location "<Tomcat installation directory>/conf".
Step 2: Open the server.xml file and search for the attribute SSLEnabled="true".
Step 3: In that existing connector configuration, list the protocols you want to keep enabled in the sslEnabledProtocols attribute, as sslEnabledProtocols="TLSv1.2".
Step 4: Save the server.xml file and restart the Tomcat services.
P.S.: To enable more than one protocol, list them with "+" as the separator.
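One way to confirm both edits took effect before restarting the services, as an added example that is not Adeptia's code: the script parses jetty.xml and server.xml content and reports which of TLSv1/TLSv1.1 each file still allows. The embedded XML samples are constructed, and the function names and the acceptance of "," as an extra separator are assumptions.

```python
import re
import xml.etree.ElementTree as ET

LEGACY = {"TLSv1", "TLSv1.1"}

# Constructed sample of a jetty.xml sslContextFactory section (TLSv1.1 forgotten).
JETTY_XML = """<Configure>
  <New id="sslContextFactory" class="org.eclipse.jetty.util.ssl.SslContextFactory">
    <Set name="excludeProtocols">
      <Array type="java.lang.String">
        <Item>SSLv3</Item>
        <Item>TLSv1</Item>
      </Array>
    </Set>
  </New>
</Configure>"""

# Constructed sample of a Tomcat server.xml with one TLS and one plain connector.
SERVER_XML = """<Server><Service name="Catalina">
  <Connector port="8443" SSLEnabled="true" sslEnabledProtocols="TLSv1.1+TLSv1.2"/>
  <Connector port="8080"/>
</Service></Server>"""

def jetty_legacy_still_allowed(xml_text):
    """Return the legacy protocols that no excludeProtocols list names."""
    root = ET.fromstring(xml_text)
    excluded = {item.text.strip()
                for s in root.iter("Set") if s.get("name") == "excludeProtocols"
                for item in s.iter("Item") if item.text}
    return sorted(LEGACY - excluded)

def tomcat_legacy_still_enabled(xml_text):
    """Map each TLS connector port to the legacy protocols it still enables."""
    findings = {}
    for conn in ET.fromstring(xml_text).iter("Connector"):
        if conn.get("SSLEnabled", "").lower() != "true":
            continue  # not a TLS connector
        value = conn.get("sslEnabledProtocols")
        if value is None:
            # Attribute absent: platform defaults apply, so flag for manual review.
            findings[conn.get("port")] = ["<attribute missing>"]
            continue
        enabled = {p for p in re.split(r"[+,\s]+", value) if p}
        findings[conn.get("port")] = sorted(LEGACY & enabled)
    return findings

if __name__ == "__main__":
    print("jetty.xml still allows:", jetty_legacy_still_allowed(JETTY_XML))
    print("server.xml still enables:", tomcat_legacy_still_enabled(SERVER_XML))
```

An empty list for every entry means neither TLSv1 nor TLSv1.1 remains enabled in that file; pass the real file contents to the two functions in place of the samples.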