Disable TLS 1.0 on Webtier server
Are there any issues with disabling TLS 1.0 on the Wetier server? We're running 8.4 patch 11 and the Webtier is running Windows OS. If we disable TLS 1.0 on just the Webtier, will this affect the primary auth manager and replicas?
AM 8.4 only accepts TLSv1.2, so you should be fine between Web Tier and primary and any replicas. You might need to verify if any user browsers need to do TLSv1.0, or any load balancers you have in front of Web Tiers, but this will flush those users out.
I have an 188.8.131.52.0 webtier, and by default, this is what is allowed or not
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK)
SSLv3 not offered (OK)
TLS 1 not offered
TLS 1.1 offered (deprecated)
TLS 1.2 offered (OK)
TLS 1.3 not offered and downgraded to a weaker protocol
NPN/SPDY not offered
ALPN/HTTP2 not offered