
Cisco Prime Infrastructure 3.1 "enable TLSv1.2 only"

mel-ghazali
Level 1

Dears,

Has anyone tried to disable SSLv2, SSLv3, TLSv1.0 and TLS1.1 and keep only TLS1.2?


Mark Elsen
Hall of Fame

 - Presumably, Apache being used, you may change httpd.conf, or ssl.conf, or httpd-ssl.conf (find the relevant file containing the SSL directives) and use something like:

SSLProtocol all -SSLv2 -SSLv3 -Anyother-cipher-you-don't-want

Restart httpd afterwards. HOWEVER, Prime may have the settings hard-coded in the daemon, so I am not sure this will work.

Verify before and after with:

% nmap --script ssl-enum-ciphers -p 443 <host>


-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)

Mark Elsen
Hall of Fame

- Sorry, my first reply may have got garbled, so I try again:

 - Presumably, Apache being used, you may change httpd.conf, or ssl.conf, or httpd-ssl.conf (find the relevant file containing the SSL directives) and use something like:

SSLProtocol All -SSLv2 --Anyother-ciphers-you-don't-want

Restart Apache. Prime, however, may have the settings hard-coded in the daemon, so I am not sure this will work; verify with:

% nmap --script ssl-enum-ciphers -p 443 <host>

M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
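
The before/after check suggested in the replies above, as an added example that is not part of the original posts: a shell gate that parses `nmap --script ssl-enum-ciphers` output and fails while any protocol version other than TLSv1.2 is still offered. The function names and both sample outputs are constructed for illustration.

```shell
# Added example (hypothetical helper names); both sample outputs are constructed.

sample_before() { cat <<'EOF'
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.0:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.1:
|     ciphers:
|       TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
EOF
}

sample_after() { cat <<'EOF'
443/tcp open  https
| ssl-enum-ciphers:
|   TLSv1.2:
|     ciphers:
|       TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (secp256r1) - A
|_  least strength: A
EOF
}

# Print each protocol version nmap lists as offered, one per line.
offered_protocols() {
    awk '$1 == "|" && $2 ~ /^(SSLv[0-9]+|TLSv[0-9]+\.[0-9]+):$/ {
        sub(/:$/, "", $2); print $2 }'
}

# Exit 0 only if TLSv1.2 is offered and no other version is.
tls12_only() {
    offered_protocols | awk '
        $1 == "TLSv1.2" { ok = 1; next }
        { bad = bad (bad ? " " : "") $1 }
        END {
            if (bad) { print "still offered: " bad; exit 1 }
            if (!ok) { print "TLSv1.2 not offered"; exit 2 }
            print "TLSv1.2 only"
        }'
}

for s in sample_before sample_after; do
    printf '%s: ' "$s"; "$s" | tls12_only || true
done
```

Against a live system, pipe the real scan into the gate: `nmap --script ssl-enum-ciphers -p 443 <host> | tls12_only`. ssl-enum-ciphers does not probe SSLv2; nmap's separate sslv2 script covers that.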

Hi Marce,
Why can't it be changed with the Prime CLI instead?

tls-server-versions <tls_versions> - set the TLS versions to be enabled for TLS service  - TLSv1.2 TLSv1.1 TLSv1
tls-server-ciphers <tls_cipher_groups> - set the TLS cipher group to be enabled  for TLS service - tls-ecdhe-sha2 tls-ecdhe-sha1 tls-dhe-sha2 tls-dhe-sha1 tls-static-sha2 tls-static-sha1

Command Reference Guide for Cisco Prime Infrastructure 3.10 - Command Reference [Cisco Prime Infrastructure] - Cisco