
TLS 1.2 enabled on Web Tier but still shows TLS 1.1 enabled

Question asked by Stephen Martin on Mar 14, 2019
Latest reply on Mar 15, 2019 by Edward Davis

So, I followed this document (https://community.rsa.com/docs/DOC-86113) and enabled strict TLS1.2 on my RSA environment. Trouble is when I run SSLLabs.com against my external URL it still seems to say that it sees TLS1.1 enabled. I would think that when I run the command ./rsautil store -a enable_min_protocol_tlsv1_2 true restart that it would do just that, and actually strictly force TLS1.2.

 

After running the process, and waiting for it to do its magic, the process said that it was successful and both the web tier boxes were rebooted and show online and healthy after the reboot. It even showed a status on them that said “requires restart” before I went to restart them, meaning it noticed the command line change from the OC side. I suspect that maybe it doesn’t allow TLS1.1, even though these online tools say they still see it available though. The reason I say that is that all of the handshakes that happen on the SSLLabs.com site only show TLS1.2, which is rather telling.

 

Questions:

How do I confirm TLS 1.1 is not working, as I'll fail my external audit if TLS 1.1 is enabled?

Are there any known issues with this article when 8.4.0.1.0 is the current version?
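
One way to check directly what the question asks, added here as an example (it is not part of the original post and not RSA's own tooling): offer exactly one protocol version per connection and see whether the handshake completes. The function names `probe` and `audit` are hypothetical, and the host is whatever external name the operator supplies.

```python
import socket
import ssl
import sys
import warnings

def probe(host, port, version, timeout=5.0):
    """Offer exactly one TLS version to host:port.

    Returns 'accepted', 'refused', or 'client-unsupported' when the local
    OpenSSL build cannot offer that version (the result is then inconclusive).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False      # protocol probe only, not a trust decision
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            # OpenSSL 3.x will not offer TLS 1.0/1.1 above security level 0,
            # which would make every server look like it refuses TLS 1.1.
            ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
            ctx.minimum_version = version
            ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "client-unsupported"
    # TCP connect errors propagate: an unreachable host is not a TLS refusal.
    with socket.create_connection((host, port), timeout=timeout) as raw:
        try:
            with ctx.wrap_socket(raw, server_hostname=host):
                return "accepted"
        except socket.timeout:
            raise
        except ssl.SSLError as exc:
            if getattr(exc, "reason", None) == "NO_PROTOCOLS_AVAILABLE":
                return "client-unsupported"
            return "refused"
        except OSError:
            return "refused"        # reset or EOF during the handshake

def audit(host, port=443):
    """Probe the two versions the post is about and return {name: result}."""
    versions = (ssl.TLSVersion.TLSv1_1, ssl.TLSVersion.TLSv1_2)
    return {v.name: probe(host, port, v) for v in versions}

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python3 tls_probe.py <host>   (host is supplied by the operator)
    for name, result in audit(sys.argv[1]).items():
        print(f"{name}: {result}")
```

The result describes whatever terminates TLS at the probed address, so a load balancer or proxy in front of the web tier is what gets measured when the external URL is used. A 'client-unsupported' result for TLSv1_1 means the check has to be repeated from a machine whose OpenSSL can still offer TLS 1.1.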
