Force a TLS version

doug_schulze
ServiceNow Employee
ServiceNow Employee

Got caught up in a question from a great friend of our discovery family that had a security requirement to have the MID Server only accept TLS v1.2 no other, and thought it would be good to share the answer if anyone else may come across the same requirement.

****Please note, this is an advanced change and should NOT be done for the sake of being done just because you can     Do your due diligence and full testing before implementing and do know that any upgrade to the mid server will overwrite your changes!!!!   In this case, we also had to let them know that requests to any non TLS 1.2 compliant HTTP server would fail where it used to work. so Test and test and test****

On the MID Server host open the agent/jre/lib/security/java.security file and modify the line

jdk.tls.disabledAlgorithms=SSLv3, TLSv1, TLSv1.1, <or any other that you don't want to be used (comma separated)>

-Restart the midserver.

1 REPLY 1

Pavan Kumar1
Tera Contributor

Does this change has any impact on Discovery scans of servers and network devices?