enable_latest_tls

Enable the most recent version of TLS (TLSv1.3) by disabling TLSv1.2 on either the current system or on all associated managed units.

Transport Layer Security (TLS) 1.3 is a faster and more secure encryption protocol. Your Guardium central manager appliance must be at 12.0 or later. TLS 1.3 is automatically enabled with Guardium 12.x. You can choose to disable TLS 1.2 after your central manager, all associated managed units, S-TAPs, and the GIM client are at Guardium 12.x.
Note: Be very careful about forcing Guardium to disable TLS 1.2 if your configuration includes managed units that are not at Guardium 12.0. In addition, not all add-ons and features support TLS 1.3. For more information, see Managing the TLS version.
Tip: This API takes a few minutes to run.

This API is available in Guardium v12.0 and later.

GuardAPI syntax

enable_latest_tls parameter=value

Parameters

Parameter Value type Description
all Boolean Required. For a central manager, select whether to disable TLS 1.2 on all associated managed units. Valid values:
  • 0 (false) - Disable TLS 1.2 on this machine only.
  • 1 (true) - Disable TLS 1.2 on this machine and associated managed units.

Default = 0 (false)

force Boolean Specify whether to disable TLS 1.2 when appliance, GIM, or S-TAP versions are incompatible between the central manager and any managed units. Valid values:
  • 0 (false) - Do not disable TLS 1.2 if versions are incompatible.
  • 1 (true) - Disable TLS 1.2 even if versions are incompatible.

Default = 0 (false)

api_target_host String Specifies the target hosts where the API executes. Valid values:
  • all_managed: execute on all managed units but not the central manager
  • all: execute on all managed units and the central manager
  • group:<group name>: execute on all managed units identified by <group name>
  • host name or IP address of a managed unit: specified from the central manager to execute on a managed unit. For example, api_target_host=10.0.1.123.
  • host name or IP address of the central manager: specified from a managed unit to execute on the central manager. For example, api_target_host=10.0.1.123.

IP addresses must conform to the IP mode of your network. For dual IP mode, use the same IP protocol with which the managed unit is registered with the central manager. For example, if the registration uses IPv6, specify an IPv6 address. The hostname is independent of IP mode and can be used with any mode.
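
A check to run before and after disabling TLS 1.2, added here as an example and not part of the Guardium documentation or product: it probes which TLS versions each appliance listener negotiates, so that gaps are resolved rather than overridden with force=1. The host names, the port argument and the sample results are constructed assumptions (the page names no ports), and a listener probe does not cover S-TAP or GIM client versions.

```python
import socket
import ssl

def offers(host, port, version, timeout=5.0):
    """True if host:port completes a handshake pinned to `version`,
    False if the handshake fails, None if the port is unreachable."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # measuring protocol support only,
    ctx.verify_mode = ssl.CERT_NONE  # not authenticating the appliance
    ctx.minimum_version = ctx.maximum_version = version
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None                  # no evidence either way
    try:
        with ctx.wrap_socket(sock, server_hostname=host):
            return True
    except OSError:  # ssl.SSLError is a subclass; resets and timeouts count as failure
        return False
    finally:
        sock.close()

def probe(host, port):
    """Probe one listener for both protocol versions."""
    return {"tls13": offers(host, port, ssl.TLSVersion.TLSv1_3),
            "tls12": offers(host, port, ssl.TLSVersion.TLSv1_2)}

def blockers_before(results):
    """Units that did not prove TLS 1.3 support; resolve these before the change."""
    return sorted(h for h, r in results.items() if r["tls13"] is not True)

def leftovers_after(results):
    """Units that still accept TLS 1.2, or fail TLS 1.3, after the API ran."""
    return sorted(h for h, r in results.items()
                  if r["tls12"] is True or r["tls13"] is not True)

# Constructed sample results (hypothetical host names), shaped as probe() returns them.
SAMPLE_BEFORE = {
    "cm.example.test":  {"tls13": True,  "tls12": True},
    "mu1.example.test": {"tls13": True,  "tls12": True},
    "mu2.example.test": {"tls13": False, "tls12": True},  # unit without TLS 1.3
    "mu3.example.test": {"tls13": None,  "tls12": None},  # unreachable
}

if __name__ == "__main__":
    print("resolve before disabling TLS 1.2:", blockers_before(SAMPLE_BEFORE))
```

An empty list from `blockers_before` supports running with force=0; after the API completes, an empty list from `leftovers_after` confirms that TLS 1.2 is refused everywhere that was probed.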