TLS 1.0 is a security protocol first defined in 1999 for establishing encryption channels over computer networks. While no longer the default security protocol in use by modern OSes, TLS 1.0 is still supported for backwards compatibility. Evolving regulatory requirements often provide corporations with the incentive to disable TLS 1.0 entirely. The following article will outline the steps to enable TLS 1.3 only or TLS 1.2 and 1.3 only; disabling TLS 1.0, 1.1 and 1.2.
- RDP to your Variphy Server.
- Stop the Variphy Insight service with Windows Services.
3. Navigate to C:\Program Files\Variphy Insight\config using File Explorer.
4. Make a copy of the https_customizations.xml file.
5. Edit the original https_customizations.xml file using a file editor (NotePad++ or Wordpad).
6. Delete the contents of the original file and Paste the following content into the file.
<Connector
protocol="org.apache.coyote.http11.Http11NioProtocol"
maxThreads="200"
minSpareThreads="10"
enableLookups="false"
disableUploadTimeout="true"
asyncTimeout="900000"
connectionTimeout="20000"
acceptCount="100"
SSLEnabled="true"
scheme="https"
secure="true"
port="8443"
>
<SSLHostConfig protocols="TLSv1.2,TLSv1.3">
<Certificate
certificateKeystoreFile="keystore.pfx"
certificateKeystoreType="PKCS12"
certificateKeystorePassword="V@riphy!!"
/>
</SSLHostConfig>
</Connector>
If you wish to disable TLS 1.2 also remove “TLSv1.2,” from the config
7. Save the new file.
8. Start the Variphy Insight service.
9. Give Variphy a minute to start back up and you have successfully disabled TLS 1.0, 1.1 and/or 1.2.
To utilize TLS 1.2 only please follow the article How to Disable TLS 1.0 and 1.1 in Variphy (Windows).