In order to remediate vulnerabilities associated with SSL, I'm looking for information describing how to disable SSL 2.0 and 3.0. Thanks!
Kindly be advised that this can be done on AM 8.1 SP1 P13 or later, so please follow the below
Enable/Disable Strict TLS1.2 mode with automatic restart Go to path /opt/rsa/am/utils ./rsautil store -a enable_min_protocol_tlsv1_2 true restart ./rsautil store -a enable_min_protocol_tlsv1_2 false restart Repeat the steps on each Authentication Manager instance Restart the webtier services on the webtier machine (webtier,bootstrapper) There is no need to perform update button on the webtier
So kindly check and advise us back if there is any assistance needed from our side.
SSLv2 is disabled, TLS1 has been preferred for a while, but if you want to prevent negotiation down to SSLv3, either setup a new AM 8.2 server, or patch up to later AM 8.1 SP1 P13 or higher but also if you have Windows agents they need to be upgraded to 7.3.1. There are TLS scripts that can be run on AM server and Web Tiers to update the SSL negotiation to only allow TLSv1.2 - But NOTE, doing so on AM 8.1 will break RADIUS.
The attached KB allows you to prevent SSLv3 on an Internet facing Web Tier, without disabling it on AM 8.1 SP1 server
RSA SecurID Access Link and search for TLS or SSLv3 might have some more details
Retrieving data ...