How to limit a protocol version on your WebAccess.

  • 7024828
  • 18-Sep-2020
  • 18-Sep-2020

Environment

GroupWise 18.x
SUSE Linux Enterprise Server 15

Situation

You found out that your WebAccess web site still supports older SSL protocols or lower TLS1, TLSv1.1.

Resolution

WebAccess on SLES servers depends upon Apache web and limiting protocol versions is a configuration within the Apache web server.
In GW18 we use virtual hosts. Therefore go into /etc/apache2/vhost.d directory and find corresponding configuration file "vhost-ssl.conf".
Open this file by a text editor and under "<VirtualHost _default_:443>" section , find "SSLEngine on" statement/line.
Add new line bellow like:

SSLProtocol all -TLSv1 -TLSv1.1 -SSLv3

Save the file and restart Apache web server.

For testing which protocols your web server supports you use nmap tool. If this tool is not yet installed on your SLES15 server, download it via zypper tool:

zypper in nmap

Then you can test protocol versions by following commands, like in examples bellow:

sles15:~ # nmap --script ssl-enum-ciphers -p 443 <IP of web> | grep TLSv
|   TLSv1.2:
sles15:~ # nmap --script ssl-enum-ciphers -p 443 <IP of web> | grep SSLv
sles15:~ #


Feedback service temporarily unavailable. For content questions or problems, please contact Support.