Removing TLSv1.0 in WSO2 EMM 1.1.0

Question

I am setting up a new WSO2 EMM server and, in order to maintain my organization's PCI DSS certification, I have to disable support for any encryption protocol lower than TLSv1.1 before I can put it into production (see this for more information on PCI 3.1).

I edited the file /repository/conf/tomcat/catalina-server.xml as per the documentation. Here is what I tried:

I changed the attribute sslEnabledProtocols from TLS to TLSv1.1,TLSv1.2, but this generates the error

ERROR {org.wso2.carbon.tomcat.internal.CarbonTomcat} - LifeCycleException while starting tomcat connector {org.wso2.carbon.tomcat.internal.CarbonTomcat}

in my wso2carbon.log and I'm unable to log into the EMM web console.

Does anyone know how to disable TLSv1.0 without breaking my installation?

cheers,

score 1 · Answer 1 · answered Jul 07 '15 at 01:02

1

Found it! you have to get rid of sslProtocol attribute and replace it with sslEnabledProtocols, they look very similar.

answered Jul 07 '15 at 01:02

retrodanny

127
3

Removing TLSv1.0 in WSO2 EMM 1.1.0

1 Answers1