How to enable TLS 1.0 or 1.1 in GMS 18.2

  • 7024270
  • 18-Nov-2019
  • 18-Nov-2019

Environment

GroupWise Mobility Service 18.2

Situation

In some cases, administrators will want to enable TLS 1.0 and/or TLS 1.1 via configuration files. Remember, the security community recommends using TLS 1.2 or higher. Enabling TLS 1.0 or 1.1 is not a security best practice.

In Mobility 18.2, TLS 1.0 and TLS 1.1 were disabled for devices and browsers accessing WebAdmin. As a result, devices and browsers more than eight years old may be denied access to Mobility services.

Resolution

To enable TLS 1.0 or TLS 1.1 in Mobility 18.2, do the following:
1. Edit etc/datasync/configengine/configengine.xml
2. Under <config><configengine>, add the following section:
    <sslConfig>
        <includeMethods></includeMethods>
        <includeCiphers></includeCiphers>
    </sslConfig>

3. Add the number corresponding to the TLS version to the <includeMethods></includeMethods> setting.
TLS 1.0 = 4
TLS 1.1 = 5

For example, to enable devices or browsers to use TLS 1.0, TLS 1.1, or both, the setting will look like one of the following:
    <includeMethods>4</includeMethods>    <!-- Enable TLS 1.0 -->
    <includeMethods>5</includeMethods>    <!-- Enable TLS 1.1 -->
    <includeMethods>4, 5</includeMethods> <!-- Enable TLS 1.0 and 1.1 -->

4. Restart Mobility.

Additional Information

NOTE: Versions of Mobility 18.1.1 and older had a different way to enable/disable TLS versions. The setting was called <excludeMethods>. This setting is no longer used and is ignored.
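
One way to audit a configengine.xml for the settings described above, as an added example that is not part of the original article or the product: it reports which legacy TLS versions <includeMethods> re-enables and whether a leftover <excludeMethods> element is still present. The function name, the constructed sample file, and the placement of <excludeMethods> in that sample are assumptions; only the values 4 and 5 are documented here, so anything else is reported as unrecognized.

```python
import xml.etree.ElementTree as ET

# Method numbers as given in this article; no other values are documented here.
LEGACY_METHODS = {"4": "TLS 1.0", "5": "TLS 1.1"}


def audit_ssl_config(xml_text):
    """Report legacy-TLS settings found in the text of a configengine.xml."""
    root = ET.fromstring(xml_text)  # root element is <config>
    # The article places <sslConfig> under <config><configengine>.
    node = root.find("configengine/sslConfig/includeMethods")
    raw = (node.text or "") if node is not None else ""
    # The value is a comma-separated list such as "4, 5"; tolerate whitespace.
    values = [v.strip() for v in raw.split(",") if v.strip()]
    return {
        "legacy_enabled": [LEGACY_METHODS[v] for v in values if v in LEGACY_METHODS],
        "unrecognized": [v for v in values if v not in LEGACY_METHODS],
        # <excludeMethods> is ignored by 18.2, so its presence means the file
        # carries a pre-18.2 setting that no longer has any effect.
        # Assumption: its location is unknown here, so search the whole tree.
        "stale_exclude_methods": root.find(".//excludeMethods") is not None,
    }


# Constructed sample input (not taken from a real server).
SAMPLE = """<config>
  <configengine>
    <excludeMethods></excludeMethods>
    <sslConfig>
      <includeMethods>4, 5</includeMethods>
      <includeCiphers></includeCiphers>
    </sslConfig>
  </configengine>
</config>"""

if __name__ == "__main__":
    report = audit_ssl_config(SAMPLE)
    for version in report["legacy_enabled"]:
        print(f"WARNING: {version} is enabled via <includeMethods>")
    for value in report["unrecognized"]:
        print(f"NOTE: unrecognized <includeMethods> value: {value}")
    if report["stale_exclude_methods"]:
        print("NOTE: <excludeMethods> is present but ignored by Mobility 18.2")
```

To check a live system, pass the contents of the server's configengine.xml to audit_ssl_config() instead of SAMPLE.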