Environment
GroupWise Mobility Service 18.2
Situation
In some cases, Administrators will want to enable TLS 1.0 and/or
TLS 1.1 via configuration files. Remember, the security
community recommends using TLS 1.2 or higher. Enabling TLS 1.0 or
1.1 is not a security best practice.
In Mobility 18.2,TLS 1.0 and TLS 1.1 was disabled for devices
and browsers accessing WebAdmin. It may be the case that devices
and browsers older than eight years old may be denied access to
Mobility services.
Resolution
To enable TLS 1.0 or TLS 1.1 in Mobility 18.2, do the
following:
1. Edit etc/datasync/configengine/configengine.xml
2. Under <config><configengine>, add the following
section:
<sslConfig>
<includeMethods></includeMethods>
<includeCiphers></includeCiphers>
</sslConfig>
3. Add the number corresponding to the TLS version to the
<includeMethods></includeMethods> setting.
TLS1 = 4
TLS 1.1= 5
For example, to enable devices or browsers to use TLS 1.1, the
setting will lock like the following:
<includeMethods>4</includeMethods> #Enable TLS
1.0
<includeMethods>5</includeMethods> #Enable TLS
1.1
<includeMethods>4, 5</includeMethods> #Enable TLS
1.0 and 1.1
4. Restart Mobility.
Additional Information
NOTE: Versions of Mobility 18.1.1 and older had a
different way to enable/disable TLS versions. The setting was
called <excludeMethods>. This setting is no
longer used and is ignored.