XS1: Disabling TLSv1. and TLS v1.1 in XS1

XS1: Disabling TLSv1. and TLS v1.1 in XS1

TLSv1 and TLSv1.1 algorithms can be disabled by adding them to 'jdk.tls.disabledAlgorithms' property in the 'c:\xs1\libraries\Java\jdk-11\conf\security\java.security' file in the XS1 application server.

 < before > # Example: #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \     EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC  < after > # Example: #   jdk.tls.disabledAlgorithms=MD5, SSLv3, DSA, RSA keySize < 2048 jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 1024, \     EC keySize < 224, DES40_CBC, RC4_40, 3DES_EDE_CBC, TLSv1, TLSv1.1 

Please note that the <after> setting will disable TLSv1 and TLSv1.1 algorithms for all the java applications running on that application server. 
 

    • Related Articles

    • XS1: Disabling TLS 1.0 and 1.1 on XS1 Application Server

      The XS1 application needs to be updated to disable TLS 1.0 and 1.1 via the Java.security file, then the Windows Registry on the application server must also be updated to disable TLS 1.0 and 1.1. 1. Disable TLS 1.0 and 1.1 in the applications ...
    • XIC: How to disable TLS 1.0 and 1.1 in JAVA 8

      TLS 1.0 and 1.1 can be disabled in JAVA 8 by making a change to the java.security file. Edit /security/java.security in JDK 8 and add TLS 1.0 and TLS 1.1 to the jdk.tls.disabledAlgorithms property by appending the following: TLSv1, TLSv1.1 If the ...
    • XTR: How to find the TLS version used in connection between GUI and Host.

      XYGATESW (Compliance PRO), XYGATERM, XYGATESM, XYGATEEM, XYGATECF use SSL encryption to connect to the host. The following methods can be used to verify the TLS version after the GUI application is connected to the host XTR. Run an XTR Audit report ...
    • XMA: XMA Softdoc contains an entry that mentions SQLXPress v 3.50.3. Should I be concerned?

      This entry was related to an old SQLXPress bug with AX. AX is not part of XMA - it is a piece of SQLXpress code, but is run by the XMA SQLXpress mover (if one is configured) to retrieve SQLXpress audit data. The issue referred to in the softdoc was ...
    • XHE: Error Message "533 Send AUTH TLS first."

      Check the TACL #PMSEARCHLIST to ensure that the XHE version of FTP will be picked up in the path before the HPE/some other version Check the HECONF file to ensure that there is an uncommented entry for SSL CLIENT If you are unable to locate the ...