Knowledgebase:
Disable SSL, TLSv1, and/or TLSv1.1
Posted by John Villanueva, Last modified by John Villanueva on 18 April 2020 02:25 AM

Due to vulnerabilities found in SSL as well as TLSv1.0 and even TLSv1.1, some companies want to disable these protocols. To fix SSL/TLS-related vulnerabilities you can try the following options. 

Option 1 is the older method and has been used successfully in the past. However, there have been reports of a few JSCAPE MFT Server versions that don't read or follow the "protocols.excluded" property (see step 3). While those versions can be remedied by an upgrade, some of you might not want to upgrade yet. 

For this reason, we recommend Option 2. Regardless of which option you choose, make sure you are using Java 7 or higher (Java 8 is highly recommended). This is very important. You will not be able to disable SSLv3 and TLSv1.0 if you are using Java 6 or lower.

To disable TLSv1.0 and even TLSv1.1 protocols in JSCAPE MFT Server, follow these steps:

Option 1

1) Stop JSCAPE MFT Server
2) Modify the "protocols.excluded" property found inside ssl.cfg to this:

protocols.excluded=SSLv3,TLSv1,TLSv1.1

3) Start JSCAPE MFT Server

Option 2

1) Download and add the attached mft_disabled_tls.properties file into <mftserver installdir>
2) Add the following line into the server.vmoptions file:

-Djava.security.properties=mft_disabled_tls.properties

3) Restart JSCAPE MFT Server



Attachments 
 
 mft_disabled_tls.properties (0.13 KB)
(1 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
 
 
Full Name:
Email:
Comments:
CAPTCHA Verification 
 
Please enter the text you see in the image into the textbox below. This is required to prevent automated registrations and form submissions.

Help Desk Software by Kayako jscape.kayako.com