Help
Not a customer? Start a free trial

Not a customer? Click the 'Start a free trial' link to begin a 30-day SaaS trial of our product and to join our community.

Existing Cisco AppDynamics customers should click the 'Sign In' button to authenticate to access the community

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How do I disable TLS 1.0 and TLS 1.1 on the AppDynamics on-premises Controller?

Saradhi.Potharaju
AppDynamics Team (Retired)

on ‎05-30-2017 11:11 AM - edited on ‎03-08-2023 09:24 PM by

What are the steps for disabling TLS versions 1.0 and 1.1 on the on-premises Controller?

In this article...
Disable TLS 1.0 and 1.1  |  Test the Controller after disabling TLS 1.0 and 1.1

 

Disable TLS 1.0 and 1.1 

  1. Stop appserver
    <controller_home>/bin/controller.sh stop-appserver
  2. Take a backup of <controller_home>/appserver/glassfish/domains/domain1/config/domain.xml

  3. Locate the "ssl" element in domain.xml
    <ssl ssl3-tls ciphers="...." ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" tls-enabled="false"></ssl>

    To disable TLS 1.0

    Set the attribute tls-enabled="false"

    NOTE | This attribute may already exist and be disabled by default (set to false). If set to "true" change it to "false" to disable TLS 1.0)
    To disable TLS 1.1 Add an attribute tls11-enabled="false" after the tls-enabled="false" attribute, with the two attributes separated by a space
    To enable TLS 1.2 explicitly TLS v1.2 is enabled by default after setting the two properties above. If you want to still indicate it in domain.xml , add the attribute tls12-enabled="true" separated from the previous attribute by a space
  4. After making the above changes, the SSL element looks like:
    <ssl ssl3-tls ciphers="...." ssl3-enabled="false" classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as" tls-enabled="false" tls11-enabled="false" tls12-enabled="true"></ssl>
​

STEP 4 NOTES 

  • Do not change any other attributes other than tls-enabled, tls11-enabled and tls12-enabled
  • The ciphers="...." attribute is indicated with ellipses(...) because there are many ciphers and we didn't include them above since they were not to be changed. The actual domain.xml contains the list of ciphers and they are not to be changed.

  1. Start the appserver
    <controller_home>/bin/controller.sh start-appserver

STEP 5 NOTE  Allow a few minutes for the appserver to start.

Test the Controller after disabling TLS 1.0 and 1.1

  1. To test whether the Controller now accepts TLS 1.0, TLS 1.1 and TLS 1.2 protocol you could use OpenSSL to test the connectivity and for TLS 1 (which is TLS 1.0) and TLS 1_1 (which is TLS 1.1) the connectivity fails with "handshake failure"
    openssl s_client -connect <controller_host>:<controller_ssl_port> -tls1
openssl s_client -connect <controller_host>:<controller_ssl_port> -tls1_1
openssl s_client -connect <controller_host>:<controller_ssl_port> -tls1_2​

STEP 6 NOTES 

  • The the <controller_ssl_port> is the port tied to "http-listener-2" in <controller_home>/appserver/glassfish/domains/domain1/config/domain.xml <network-listener port="<PORT>" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool"></network-listener>

  • <controller_host> is the hostname of the server on which the controller is installed
0 Kudos
Comments
Claudia.Landivar
AppDynamics Team (Retired)
‎02-01-2023 12:52 PM

Hello, Everyone

The content change above is under step 3, "To disable TLS 1.1".
Other than that, I just reformated the article, to make it (hopefully!) more scannable for you.

Claudia Landivar
Community Manager & Editor

Version history
Last update:
‎03-08-2023 09:24 PM
Updated by:
Join Us On December 10
Learn how Splunk and AppDynamics are redefining observability

Register Now!
Observe and Explore
Dive into our Community Blog for the Latest Insights and Updates!

Read the blog here

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support