IBM Security Verify

I need to disable TLS1.0 and TLS1.1 on the LMI.  The setup is the same on two appliances but get different results per "openssl s_client -connect <host>:<port> -tls1_1".  :(

In "Manage System Settings -> System Settings -> Administrator Settings" the Enable Server Secure Protocols is set to TLSv1.2 on all appliances.  On one appliance, it seems to be rejecting tls1.0 and tls1.1 but on another appliance it accepts 1.0 and 1.1.  I am scratching my head as to why this is.  What am I missing?

Thanks,
Troy

------------------------------
Troy Burkle
------------------------------

Hi Troy,

I tried to reproduce this but I wasn't able to get anything but a TLS 1.2 connection when I had that set in the Admin parameters.
Was this configuration set to something else (and you just changed it to this value)?  My system was set to TLS 1.2 on install (it's 10.0.2.0).

Maybe you'll need to open a support call?

One word of warning... I managed to lock myself out of LMI web interface while messing with these settings (incompatible values in the "Enabled TLS protocols" and "Enabled Server Secure Protocols".  I recovered by applying previous snapshot using CLI.

Jon.

------------------------------
Jon Harry
Consulting IT Security Specialist
IBM
------------------------------

Original Message:
Sent: Thu August 26, 2021 04:53 PM
From: Troy Burkle
Subject: LMI Disable TLS 1.0 and 1.1


I need to disable TLS1.0 and TLS1.1 on the LMI.  The setup is the same on two appliances but get different results per "openssl s_client -connect <host>:<port> -tls1_1".  :(

In "Manage System Settings -> System Settings -> Administrator Settings" the Enable Server Secure Protocols is set to TLSv1.2 on all appliances.  On one appliance, it seems to be rejecting tls1.0 and tls1.1 but on another appliance it accepts 1.0 and 1.1.  I am scratching my head as to why this is.  What am I missing?

Thanks,
Troy

------------------------------
Troy Burkle
------------------------------