Touch file ".doNotUseTLS" is no longer available with NetIQ Access Manager 3.2

  • 7014615
  • 25-Feb-2014
  • 25-Feb-2014

Environment

NetIQ Access Manager 3.2
NetIQ Access Manager 3.2.2
NetIQ Access Manager 3.2 Access Gateway
NetIQ Access Manager 3.2.2 Access Gateway

Situation

  • Access Gateway fails to create an SSL connection to a protected web server
  • Protected web server does not support the TLS1 protocol
  • Protected web server responds with a TCP RST to a Client Hello request using TLS1
  • The touch file ".doNotUseTLS" is no longer available with NetIQ Access Manager 3.2

Resolution

Add the following Apache mod_ssl directives to the global advanced option configuration section of the Access Gateway from within iManager:

SSLProtocol SSLv3
SSLCipherSuite ALL:-NULL:-EXP:-LOW:-ADH
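
An added diagnostic example (not part of the NetIQ document): to confirm from a packet capture which protocol version the Access Gateway offers to the protected web server, before and after the directives are applied, the first TCP payload of the connection can be parsed as a Client Hello. The function names are hypothetical and the sample bytes are constructed, not captured traffic.

```python
import struct

# Protocol versions as (major, minor) wire values.
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS1", (3, 2): "TLS1.1", (3, 3): "TLS1.2"}


def version_name(version):
    return VERSIONS.get(version, "unknown %d.%d" % version)


def offered_version(payload: bytes) -> dict:
    """Parse the first TCP payload of a connection as an SSLv3/TLS Client Hello.

    Returns the record-layer version and the client_version field, which is
    the highest version the client offers. Raises ValueError otherwise.
    """
    if len(payload) < 11:
        raise ValueError("too short for a record header plus client_version")
    rec_type, rec_major, rec_minor, rec_len = struct.unpack("!BBBH", payload[:5])
    if rec_type != 0x16:
        raise ValueError("not a handshake record (type 0x%02x)" % rec_type)
    if payload[5] != 0x01:
        raise ValueError("handshake message is not a Client Hello")
    hs_len = int.from_bytes(payload[6:9], "big")
    if hs_len + 4 > rec_len:
        # A Client Hello fragmented across records is out of scope here.
        raise ValueError("Client Hello does not fit in the first record")
    return {
        "record": version_name((rec_major, rec_minor)),
        "client_hello": version_name((payload[9], payload[10])),
    }


def build_sample_hello(major: int, minor: int) -> bytes:
    """Construct a minimal Client Hello for the demo (constructed sample)."""
    body = bytes([major, minor]) + bytes(32)   # client_version + 32-byte random
    body += b"\x00"                            # empty session_id
    body += b"\x00\x02\x00\x2f"                # one cipher suite
    body += b"\x01\x00"                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    header = b"\x16" + bytes([major, minor]) + len(handshake).to_bytes(2, "big")
    return header + handshake


if __name__ == "__main__":
    # Constructed hellos standing in for captures taken before and after the change.
    for label, version in (("before", (3, 1)), ("after", (3, 0))):
        print(label, offered_version(build_sample_hello(*version)))
```

A Client Hello reported as TLS1 that is followed by a TCP RST from the web server matches the Situation above; after the change the same check should report SSLv3.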