Managing the TLS version
You can disable TLS 1.0/1.1 and enable TLS 1.2 on all appliances, S-TAP agents, CAS and GIM clients.
About this task
To increase the security of the Guardium system, the TLS 1.0/1.1 communications protocols can optionally be disabled, starting with Guardium release v10.1.4. Disabling TLS 1.0/1.1 leaves only the TLS 1.2 protocol enabled. Communications may be less secure when using TLS 1.0/1.1.
You must disable TLS 1.0/1.1 from the central manager and/or standalone unit using the CLI. Your Guardium appliances, S-TAP agents, CAS and GIM clients must be at specific versions to enable this feature.
Disabling TLS 1.1 automatically checks that managed units and S-TAPs are at specific versions, but cannot check CAS client versions. Customers using CAS need to make sure their CAS clients are at version 10.1.4 and their database servers have Java 7 enabled. If this is not done, CAS connections to database servers will not be visible.
Make sure all managed units have version 10.1.4 installed, and GIM clients and S-TAPs are at a minimum version of 10.1.2. If any requirement is not met, TLS 1.0/1.1 will not be disabled.
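The version requirements above can be checked against an inventory before the change is attempted. The following pre-flight script is an added example, not IBM or Guardium code. It assumes a hand-maintained inventory of (host, component type, version) rows, and it treats every version stated on this page as a minimum. All names in it (`MINIMUMS`, `preflight`, the component type labels and the sample hosts) are hypothetical.

```python
# Added example: pre-flight version check before disabling TLS 1.0/1.1.
# Versions come from this page and are treated as minimums (an assumption).
MINIMUMS = {
    "managed_unit": (10, 1, 4),
    "cas": (10, 1, 4),
    "gim": (10, 1, 2),
    "stap": (10, 1, 2),
}
# Per the page, CAS client versions are not checked automatically.
NOT_AUTO_CHECKED = {"cas"}

def parse_version(text):
    """Turn '10.1.4' or 'v10.1.2' into a comparable tuple, padded to three parts."""
    nums = [int(p) for p in text.strip().lstrip("vV").split(".")]
    return tuple(nums + [0] * (3 - len(nums)))

def preflight(inventory):
    """Return (failures, manual) for rows of (host, kind, version)."""
    failures, manual = [], []
    for host, kind, version in inventory:
        kind = kind.lower()
        if kind not in MINIMUMS:
            failures.append((host, kind, version, "unknown component type"))
            continue
        try:
            found = parse_version(version)
        except ValueError:
            failures.append((host, kind, version, "unparseable version"))
            continue
        need = MINIMUMS[kind]
        if found < need:
            failures.append((host, kind, version, "below " + ".".join(map(str, need))))
        elif kind in NOT_AUTO_CHECKED:
            manual.append(host)  # version is fine, but nothing else verifies this host
    return failures, manual

# Constructed sample inventory (host names and versions are made up).
SAMPLE = [
    ("mu-01", "managed_unit", "10.1.4"),
    ("mu-02", "managed_unit", "10.1.3"),
    ("db-01", "stap", "v10.1.2"),
    ("db-02", "gim", "10.1"),
    ("db-03", "cas", "10.1.4"),
    ("db-04", "cas", "10.1.2"),
]

if __name__ == "__main__":
    failures, manual = preflight(SAMPLE)
    for row in failures:
        print("UPGRADE FIRST:", *row)
    print("CAS hosts to confirm by hand (Java 7 enabled on the database server):", manual)
```

CAS rows matter most here, because an out-of-date CAS client is not caught automatically and only shows up afterwards as missing CAS connections.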
To get information about TLS 1.0/1.1, and to disable it on all units in a managed environment (central manager, aggregator, managed units), run the following commands on the central manager.