Skip to main content

Tutorial: Select the SSL and TLS Levels on the Web Server

Abstract

You can adjust the SSL and TLS levels Access Server uses for the hosted web services.

Overview

You can adjust the TLS settings for the Access Server web server from the Admin Web UI or command-line interface (CLI).

Prerequisites

  • An installed Access Server.

  • Admin Web UI access or console access with root privileges.

Option 1: Adjust the TLS level from the Admin Web UI

  1. Sign in to the Admin Web UI.

  2. Click Web Services.

  3. Select your desired protocol version for TLS protocol.

    Note

    The default is TLS 1.2.

  4. Slick Save and Restart.

Option 2: Adjust the TLS level from the CLI

  1. Connect to the console and get root privileges.

  2. List the current TLS level:

    sacli ConfigQuery | grep -i "cs.tls_version_min"

    • If nothing displays, the cs.tls_version_min configuration key uses the default value, TLS 1.2.

  3. Set the web services minimum requirement of TLS 1.3 or higher:

    sacli --key "cs.tls_version_min" --value "1.2"1 ConfigPut
sacli start

    1

    Valid values for the cs.lts_version_min configuration key are:

    • 1.0: require TLS 1.0 or higher.

    • 1.1: require TLS 1.1 or higher.

    • 1.2: require TLS 1.2 or higher.

    • 1.3: require TLS 1.3 or higher.

    Important

    The OpenSSL library that comes with the operating system on which your Access Server is installed must support the selected value. On older operating systems, OpenSSL did not yet support TLS 1.3, so it will not function on those platforms. On newer operating systems, OpenSSL automatically upgrades TLS 1.0 and TLS 1.1 to TLS 1.2.

  4. Reset the minimum TLS level settings to default by deleting the configuration keys:

    sacli --key "cs.tls_version_min" ConfigDel
sacli --key "ssl_api.tls_version_min" ConfigDel
sacli start
In this section: