We have virtual applicances (primary and secondary) of Authentication Manager that are on 8.2 p5. We want to disable certain cipher suites and enable strict TLS 1_2, however when I checked on the openssl version of both machines, it was 0.9.8j. I looked through these forums and documentation, and it seems like it should have upgraded already to 1.0.x, but that hasn't happened.
I did see that 8.1 had a TPP 2.0 that updated openssl, but I'm worried that at this point a lot of those patches are back leveled, and I'm not sure if I should put that on.
I also noticed that it still seems like RC4 comes up in scans as "supported", but I did see articles about how to change the cipher suites to disable the ones we don't want / need.
Is there a way to update openssl, turn on strict TLS 1_2 (I have found articles for this) or should I try to install SP1, even if it backlevels 8.2 to patch 3? (Read this in the notes and a forum)
Thanks for your help!