You want to know how to switch to TLSv1.2 only, and what impact that will have with agent communications.
DCS 6.7 MP3
If I enable TLSv1.2 only for UMC/DCS server of 6.7 MP3 version, which DCS agents installed on the old OS would be affected?
Windows platforms: Agent on Windows 2003 and Windows XP and older windows versions will fail to communicate and will be shown offline.
Linux Platforms: Agents installed on RHEL, SLES, Ubuntu OSes use Openssl package installed on OS. So if openssl version is older than v1.0.1 installed on OS then communication of those agents with DCS Manager will no longer work, Agents will fail to communicate and will be shown offline.
If Openssl 1.0.1 package is not available for certain versions of Linux OS then Communication of those agents will break. e.g. RHEL 5.x and RHEL version before 6.5 do not have openssl 1.0.1 package available on their repository
Frozen Platforms: Additionally following frozen platforms will also fail to communicate with DCS Manager server using TLS v1.2
- Red Hat Enterprise Linux 4 - SUSE Linux Enterprise Server 9 - Solaris 9 - HP-UX 11i V2 (11.23) (64-bit) - HP-UX 11i V1 (11.11) (64-bit) - Windows 2003 - Windows XP Professional - Windows 2000 - Windows NT Server 4.0
AIX and Solaris: AIX and Solaris x86 and sparc agents uses Openssl shipped with the agent installer. Those AIX and Solaris binaries in 6.7.3 CD image ships Openssl version which supports TLS v1.2.
AIX 5 binary has updated version of (5.2.9. MP6 HF7) available for download. It is also shipped with Openssl version which supports TLS v1.2.
How do I make the change Location: "/tomcat/conf" folder of DCS server installation path Filename: server.xml
1) Make a copy of the server.xml
2) Edit the server.xml, change the following parameters:
3) sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2" to sslEnabledProtocols="TLSv1.2" for all locations
4) sslProtocol="TLS" to sslProtocol="TLSv1.2" for all locations