I am looking for some ideas on disabling TLS 1 and 1.1 in order to get TLS version 2 working on my Apache Knox appliance. I tried:

  1. Add a line in the gateway-site.xml file:

     <property>
         <name>ssl.exclude.protocols</name>
         <value>TLSV1.1</value>
         <description>Excluded SSL protocols.</description>
     </property>

  2. Add the last line in the knoxsso.xml file:

     <topology>
       <gateway>
         <provider>
           <role>webappsec</role>
           <name>WebAppSec</name>
           <enabled>true</enabled>
           <param><name>xframe.options.enabled</name><value>true</value></param>
           <param><name>strict.transport.enabled</name><value>true</value></param>
         </provider>
user4157124
gdey1

1 Answer

Try adding SSLv3, RC4, MD5withRSA, DH keySize < 768, TLSv1, TLSv1.1 to the following property in /$JAVA_HOME/jre/lib/security/java.security:

jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, DH keySize < 768, TLSv1, TLSv1.1

Restart Knox and run the following to verify:

nmap -sV --script +ssl-enum-ciphers -p "${port}" "$(hostname -f)"
rikamamanus
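
An added example, not part of the original answer: a Python check that reads a `java.security` file, joins backslash-continued lines, and reports which of SSLv3, TLSv1 and TLSv1.1 are missing from `jdk.tls.disabledAlgorithms`. The sample text is constructed, the function names are hypothetical, and entries are compared exactly as spelled in the answer.

```python
import sys

KEY = "jdk.tls.disabledAlgorithms"
REQUIRED = ("SSLv3", "TLSv1", "TLSv1.1")  # protocol names as spelled in the answer

# Constructed sample fragment of a java.security file (not taken from a real host).
SAMPLE = r"""
# comment lines are ignored
jdk.certpath.disabledAlgorithms=MD2, MD5
jdk.tls.disabledAlgorithms=SSLv3, RC4, MD5withRSA, \
    DH keySize < 768, TLSv1
"""

def logical_lines(text):
    """Yield property lines with backslash continuations joined, comments skipped."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line[0] in "#!"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        yield buf + line
        buf = ""
    if buf:
        yield buf

def disabled_algorithms(text, key=KEY):
    """Return the entries of `key` as a list, or None if the property is absent."""
    value = None
    for entry in logical_lines(text):
        name, sep, rest = entry.partition("=")
        if sep and name.strip() == key:
            value = rest  # a later definition overrides an earlier one
    if value is None:
        return None
    return [item.strip() for item in value.split(",") if item.strip()]

def missing_protocols(text, required=REQUIRED):
    """Protocols from `required` that are not listed as whole entries."""
    entries = disabled_algorithms(text) or []
    # Whole-entry comparison: "TLSv1.1" being present does not cover "TLSv1".
    return [p for p in required if p not in entries]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    missing = missing_protocols(text)
    print("not disabled:", ", ".join(missing) if missing else "none")
```

Pass it the path of the `java.security` file belonging to the JVM that actually starts Knox; with no argument it runs on the constructed sample and reports TLSv1.1 as not disabled.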