disable_deprecated_protocols

This API disables deprecated TLS 1.1 protocols and enables TLS 1.2 protocols.

As technology moves forward, new TLS protocols provide better security for data that is sent over a network, and older protocols are deprecated. Guardium deprecated TLS 1.1 beginning with Guardium 10.1.4 (which is no longer supported). This API disables the TLS 1.1 protocols and enables TLS 1.2 protocols.

When you deploy a new Guardium system, it includes the older TLS 1.1 protocol by default. Guardium recommends that you use this command to bring your Guardium system up to TLS 1.2.
Note: You must run disable_deprecated_protocols from a central manager. After it runs, TLS 1.2 is enabled on the central manager and all associated managed units.

This API is available in Guardium V10.1.4 and later.

GuardAPI syntax

disable_deprecated_protocols parameter=value

Parameters

Parameter Value type Description
force Boolean

Determines whether to force disabling protocols on all available managed units, even if a unit is down. Valid values:
  • 0 (false)
  • 1 (true)

Default = 0 (false)

api_target_host String

Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.

Examples

grdapi disable_deprecated_protocols force=true
Sample output:
-===Gathering deprecated protocol info===-
Deprecated protocols not disabled on CM
Comparing versions of CM to 10.1.4
Comparing versions of 3 MUs to 10.1.4
Retrieving STAP info from MUs
        Warning: Could not retrieve STAP versions from  - local.usma.ibm.com        - Unit seems to be down.
Evaluating versions of 2 STAPS
        Warning: Found STAP using clear text - 9.98.0.0
        Warning: Found STAP using clear text - 9.98.0.0
Retrieving local GIM clients info
Retrieving GIM client info from MUs
        Warning: Could not retrieve GIM versions from  - local.usma.ibm.com      - Unit seems to be down.
Force specified - disabling anyway.

-===Disabling deprecated protocols===-
Delegating to MUs
Warning: Some managed units are offline and settings were not applied to them, to apply changes              to these units try again later.
Disabled deprecated protocols, please verify communication between system components.
ok
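
When the command runs with force=true, the warnings in the output are the only record of which components were skipped or still use clear text. The following added example (not IBM code) parses that output into a follow-up list. It assumes the message wording matches the sample output above; `summarize` and its result keys are hypothetical names.

```python
import re

# Sample output copied from this page (abridged by two lines), used as parser input.
SAMPLE_OUTPUT = """\
-===Gathering deprecated protocol info===-
Deprecated protocols not disabled on CM
Comparing versions of 3 MUs to 10.1.4
Retrieving STAP info from MUs
        Warning: Could not retrieve STAP versions from  - local.usma.ibm.com        - Unit seems to be down.
Evaluating versions of 2 STAPS
        Warning: Found STAP using clear text - 9.98.0.0
        Warning: Found STAP using clear text - 9.98.0.0
Retrieving GIM client info from MUs
        Warning: Could not retrieve GIM versions from  - local.usma.ibm.com      - Unit seems to be down.
Force specified - disabling anyway.

-===Disabling deprecated protocols===-
Delegating to MUs
Warning: Some managed units are offline and settings were not applied to them, to apply changes              to these units try again later.
Disabled deprecated protocols, please verify communication between system components.
ok
"""

# Patterns assume the warning wording shown in the sample output.
DOWN_RE = re.compile(
    r"Could not retrieve (STAP|GIM) versions from\s+-\s+(\S+)\s+-\s+Unit seems to be down")
CLEAR_RE = re.compile(r"Found STAP using clear text - (\S+)")

def summarize(output: str) -> dict:
    """Reduce the command output to the items an operator must follow up on."""
    unreachable = {}   # unit name -> which inventories (STAP/GIM) could not be read
    clear_text = []    # value printed after the dash, one entry per warning
    for line in output.splitlines():
        if m := DOWN_RE.search(line):
            unreachable.setdefault(m.group(2), set()).add(m.group(1))
        elif m := CLEAR_RE.search(line):
            clear_text.append(m.group(1))
    nonblank = [ln.strip() for ln in output.splitlines() if ln.strip()]
    return {
        "unreachable_units": unreachable,
        "clear_text_staps": clear_text,
        "forced": "Force specified - disabling anyway." in output,
        "offline_units_skipped": "settings were not applied" in output,
        "completed": bool(nonblank) and nonblank[-1] == "ok",
    }

if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUT))
```

A result with `offline_units_skipped` set or a non-empty `unreachable_units` means the setting was not applied everywhere, and the command has to be run again later, as the output itself states.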