09-13-2017 12:32 AM - edited 03-14-2019 05:35 PM
Hi Folks,
We have CVP 10.0.1 and, as per PCI compliance, we have to disable all the SSL versions and TLS 1.0 and 1.1 on the Tomcat server.
As per the CVP compatibility guide it supports TLS v. 1.x, therefore I need to know whether disabling TLS 1.0 and 1.2 has any impact on operation.
Also, we have to disable it on the UCCE servers as well; however, the Tomcat server config on the UCCE machine doesn't contain any config related to ciphers. In this case, if I copy the CVP Tomcat server cipher config and put it in the UCCE Tomcat, will it work?
Thanks
09-14-2017 06:00 AM
You are on an old version of UCCE that still requires TLS 1.0. If you turn it off, a couple of things will break: Internet Script Editor and the CUIC connection to the databases, for sure.
I know you are getting pressured by your PCI Compliance team, but expect problems if you disable it.
UCCE and CVP 11.6 are completely free of TLS 1.0 and TLS 1.1 requirements. Best thing is to get there.
Regards,
Geoff
09-14-2017 06:38 AM
Hi Geoff,
Good to see you :). About ISE, we are not using it; however, with CUIC, could you clarify if you are talking about the CUIC connection with the AW DB or the CVP reporting server DB?
Thank you
09-14-2017 07:05 AM - edited 09-14-2017 07:06 AM
however, with CUIC, could you clarify if you are talking about the CUIC connection with the AW DB
I am. Try it and you will see. Go into the registry and disable the TLS providers for 1.0 and 1.1 and reboot the AW. I am going from memory here, but I am pretty sure CUIC will not bind to the AW-HDS under those conditions.
At a recent customer, who was in the Financial sector, they disabled TLS 1.0 and TLS 1.1 with Chef (server management software - you can Google it) and things broke, and we had to request exceptions to the general "recipes" used.
Regards,
Geoff
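A read-only check that can be run on the AW before and after the registry change described in the reply above, to record which TLS versions are explicitly enabled or disabled for the Client and Server roles. This is an added example, not part of the thread and not Cisco's tooling; the registry path is the standard Windows SChannel location (an assumption, since the thread does not name it), and the function name is hypothetical.

```powershell
# Added example: read-only audit of SChannel protocol settings. It changes nothing.
# Assumption: standard Windows SChannel registry layout (not quoted in the thread).
$base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'

function Get-SchannelProtocolState {   # hypothetical helper name
    param(
        [string[]]$Protocols = @('TLS 1.0', 'TLS 1.1', 'TLS 1.2'),
        [string[]]$Roles     = @('Client', 'Server')
    )
    foreach ($proto in $Protocols) {
        foreach ($role in $Roles) {
            $key = Join-Path (Join-Path $base $proto) $role
            $enabled = $null
            $disabledByDefault = $null
            if (Test-Path $key) {
                # Missing values come back as $null, which means "not configured".
                $props = Get-ItemProperty -Path $key
                $enabled = $props.Enabled
                $disabledByDefault = $props.DisabledByDefault
            }
            $state = if ($null -eq $enabled -and $null -eq $disabledByDefault) {
                'OS default (no explicit setting)'
            } elseif ($enabled -eq 0) {
                'Disabled'
            } elseif ($disabledByDefault -eq 1) {
                'Enabled, but off unless the application requests it'
            } else {
                'Enabled'
            }
            [pscustomobject]@{
                Protocol          = $proto
                Role              = $role
                Enabled           = $enabled
                DisabledByDefault = $disabledByDefault
                State             = $state
            }
        }
    }
}

# Save this output before the change so a rollback has a known-good baseline.
Get-SchannelProtocolState | Format-Table -AutoSize
```

SChannel changes take effect after a reboot, so compare the saved baseline with a second run once the AW is back up.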
10-11-2017 11:08 PM