Disable TLS and SSL on CVP tomcat

Hi Folks,

We have CVP 10.0.1 and, as per PCI compliance, we have to disable all the SSL versions and TLS 1.0 and 1.1 on the Tomcat server.

As per the CVP compatibility guide it supports TLS v. 1.x, therefore I need to know whether disabling TLS 1.0 and 1.2 will have any impact on operation.

Also, we have to disable it on the UCCE servers as well; however, the Tomcat server config on the UCCE machine doesn't contain any config related to ciphers. In this case, if I copy the CVP Tomcat server cipher config and put it in the UCCE Tomcat, will it work?


Thanks

1 Accepted Solution

Accepted Solutions


however with CUIC could you clarify if you are talking about CUIC connection with AW DB


I am. Try it and you will see. Go into the registry and disable the TLS providers for 1.0 and 1.1 and reboot the AW. I am going from memory here, but I am pretty sure CUIC will not bind to the AW-HDS under those conditions.

At a recent customer, who was in the Financial sector, they disabled TLS 1.0 and TLS 1.1 with Chef (server management software - you can Google it) and things broke, and we had to request exceptions to the general "recipes" used.

 

Regards,
Geoff

 


4 Replies

geoff
Level 10

You are on an old version of UCCE that still requires TLS 1.0. If you turn it off, a couple of things will break: Internet Script Editor and the CUIC connection to the databases, for sure.

I know you are getting pressured by your PCI Compliance team, but expect problems if you disable it.

UCCE and CVP 11.6 are completely free of TLS 1.0 and TLS 1.1 requirements. Best thing is to get there.

Regards,
Geoff

Hi Geoff,

Good to see you :). About ISE, we are not using it; however, with CUIC could you clarify if you are talking about the CUIC connection with the AW DB or the CVP reporting server DB?

 

Thank you

 



Sorry for the delayed response, Geoff. I have disabled RC4 and SSL version on Tomcat for the UAT environment. For TLS I am also going to request an exception. Once the customer has confirmed that things are working fine, I will apply it on production Tomcat.

Thanks for your support, as usual.
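
The following is an added example, not part of the original thread and not Cisco tooling: a small audit of a Tomcat `server.xml` that lists, per TLS connector, any SSL/TLS 1.0/1.1 protocols and RC4 ciphers still enabled, and flags connectors with no protocol or cipher settings at all (the situation described for the UCCE Tomcat). It assumes the JSSE connector attributes `sslEnabledProtocols` and `ciphers`; the sample XML is constructed, so check the attribute names against the Tomcat version actually shipped with your CVP/UCCE release.

```python
import xml.etree.ElementTree as ET

# Constructed sample, not taken from a CVP or UCCE installation.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="8080" protocol="HTTP/1.1"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"
               ciphers="TLS_RSA_WITH_AES_128_CBC_SHA,SSL_RSA_WITH_RC4_128_SHA"/>
    <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"/>
  </Service>
</Server>"""

# Protocols the PCI requirement in the thread asks to disable.
WEAK_PROTOCOLS = {"SSLv2", "SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
# Substrings that mark a cipher suite as weak (RC4 is the one named in the thread).
WEAK_CIPHER_MARKERS = ("RC4", "_NULL_", "_EXPORT_")


def _split(value):
    """Split a comma-separated attribute value into trimmed items."""
    return [v.strip() for v in value.split(",") if v.strip()]


def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled Connector."""
    findings = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to audit
        issues = []
        protocols = conn.get("sslEnabledProtocols")
        if protocols is None:
            # No explicit list: whatever the JVM enables by default is offered.
            issues.append("sslEnabledProtocols not set: JVM defaults apply")
        else:
            issues += [f"weak protocol enabled: {p}"
                       for p in _split(protocols) if p in WEAK_PROTOCOLS]
        ciphers = conn.get("ciphers")
        if ciphers is None:
            issues.append("ciphers not set: JVM defaults apply")
        else:
            issues += [f"weak cipher enabled: {c}" for c in _split(ciphers)
                       if any(m in c for m in WEAK_CIPHER_MARKERS)]
        findings[conn.get("port")] = issues
    return findings


if __name__ == "__main__":
    for port, issues in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, issues or "ok")
```

Running it against the UAT `server.xml` before and after a change gives a diffable record to attach to the exception request or the production change ticket.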