How to enforce TLS 1.2 when connecting to MC on iPrint Appliance 3.0

  • 7020975
  • 16-Jun-2017
  • 22-Jun-2017

Environment

Micro Focus iPrint Appliance 3.0

Situation

By default, the iPrint Management Console (https://dnsname:9443) will allow connections over using TLS 1.0 and TLS 1.1. If this is a concern and you want to enforce the use of only TLS 1.2, follow the steps mentioned within the Resolution section.

Resolution

1. Create a snapshot of the appliance or a backup of /opt/novell/common-services/etc/jetty-ssl.xml file
2. Open /opt/novell/common-services/etc/jetty-ssl.xml with vi
3. At the end of the file, before the </Configure> section, add the following rule:
Add to sslContextFactory:
<Call name="setIncludeProtocols">
  <Arg>
    <Array type="String">
      <Item>TLSv1.2</Item>
    </Array>
  </Arg>
</Call>

</Configure>
So it looks like:
Add to sslContextFactory:
<Call name="setIncludeProtocols">
  <Arg>
    <Array type="String">
      <Item>TLSv1.2</Item>
    </Array>
  </Arg>
</Call>

</Configure>
Save the file

4. Restart jetty:
rcnovell-jetty restart