Tutorial: Select the SSL and TLS Levels on the Web Server
Configure the minimum TLS version for Access Server web services using the Admin Web UI or command-line interface.
Overview
You can adjust the TLS settings for the Access Server web server from the Admin Web UI or command-line interface (CLI).
Default TLS settings by version
Scenario | Default minimum TLS version |
|---|---|
New installation on Access Server 3.2.0 or newer | TLS 1.3 |
Upgrade from Access Server 3.1.x or earlier | Retains previous setting (TLS 1.2 unless manually changed) |
New installation on Access Server 2.1.12-3.1.x | TLS 1.2 |
Important
The OpenSSL library insalled on your Access Server's operating system needs to support the selected TLS version. On older operating systems, OpenSSL may not support TLS 1.3. On newer operating systems, OpenSSL automatically upgrades TLs 1.0 and 1.1 connections o TLS 1.2.
An installed Access Server.
Admin Web UI access or console access with root privileges.
Sign in to the Admin Web UI.
Select Configuration → TLS Settings.
Scroll down to TLS options for Web Server.
Select your desired protocol version (the default is TLS 1.2).
Important
When you change the TLS level, this requires restarting the server.
Connect to the console and get root privileges.
List the current TLS level:
sacli ConfigQuery | grep -i "cs.tls_version_min"
If nothing is displayed, the cs.tls_version_min configuration key uses the default value. See the defaults table above for the default value that applies to your installation.
Set the minimum TLS version. Valid values are
1.0,1.1,1.2, and1.3:sacli --key "cs.tls_version_min" --value "1.2" ConfigPut sacli start
To reset the minimum TLS level to default, delete the configuration keys:
sacli --key "cs.tls_version_min" ConfigDel sacli --key "ssl_api.tls_version_min" ConfigDel sacli start