* To disable TLS 1.0 - set the attribute tls-enabled="false" (This attribute might already exist and is disabled by default and hence by default set to false. If set to "true" change it to "false" to disable TLS 1.0)
* To disable TLS 1.1 - add an attribute tls11-enabled="true" after the tls-enabled="false" attribute with both attributes separated by space
* TLS 1.2 - is enabled by default after setting above two properties. If you want to still indicate it in domain.xml add the attribute tls12-enabled="true" separated by a space from the previous attribute
4) After making above changes, the ssl element looks like:
4.1) Do not change any other attributes other than tls-enabled, tls11-enabled and tls12-enabled
4.2) The ciphers="...." attribute is indicated with ellipses(...) because there are many ciphers and as they are not to be changed they are not listed above. But the actual domain.xml contains list of ciphers and they are not to be changed.
5) Start the appserver <controller_home>/bin/controller.sh start-appserver
Note: Allow few minutes for the appserver to start.
6) To test if the controller now accepts tls1.0, tls1.1 and tls1.2 protocol you could use openssl to test the connectivity and for tls1 (which is tls1.0) and tls1_1 (which is tls1.1) the connectivity fails with "handshake failure"
6.1) The the <controller_ssl_port> is the port tied to "http-listener-2" in <controller_home>/appserver/glassfish/domains/domain1/config/domain.xml <network-listener port="<PORT>" protocol="http-listener-2" transport="tcp" name="http-listener-2" thread-pool="http-thread-pool"></network-listener>
6.2) <controller_host> is the hostname of the server on which controller is installed