Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

How to Disable TLS 1.0 and 1.1 in CSR Server

  1. Last updated
  2. Save as PDF

From Content Security Reporter 2.9.x

When you perform an audit scan of your CSR server, you see that TLS 1.0 and 1.1 are enabled, and port 9121 is in use.
CSR server allows connections with TLS 1.1, TLS 1.2, and TLS 1.3. By default, TLS 1.0 is disabled.

The problem is to disable TLS 1.0 and 1.1 on the CSR Server and ensure compliance.

 

To disable TLS 1.1, and ensure 1.0 is disabled, perform the steps below:

  1. Navigate to C:\Program Files\Skyhigh\Content Security Reporter\reporter\jboss\bin.
  2. Create a backup of java.custom.security, and place the backup in a safe location.
  3. Open java.custom.security in a text editor of your choice.
  4. Locate the following entry:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, RC4, DES, MD5withRSA, DH keySize < 1024, \ EC keySize < 224, 3DES_EDE_CBC, anon, NULL

NOTE: In this example, TLS 1.0 is already listed as disabled (TLSv1).

  1. Edit the entry to the following:

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, RC4, DES, MD5withRSA, DH keySize < 1024, \EC keySize < 224, 3DES_EDE_CBC, anon, NULL

  1. Restart the CSR service.
  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.