How do I disable TLSv1.0 and TLSv1.1 after "HTTPS" has been enabled in the web reports?

Article ID: 459
Category: Web Reports
Applies to: 3.4 and newew
Updated: 2024-04-18

If TLS is enabled in the web reports then it's likely that all TLS versions (TLSv1.0, TLSv1.1, and TLSv1.2) are active and being accepted. Follow the steps below to disable older versions of TLS (v1.0 and v1.1) which is generally recommend and may be required for security and/or compliance reasons as well. After completing the steps below, only TLS v1.2 connections will be accepted.

Configure a TLS connector by editing the server.xml file, by default located in:

C:\Program Files\EventSentry\WebReports\web\conf\server.xml

Look for the first instance of "<Connector Port="8443".../>" and insert the following below that section:

sslEnabledProtocols="TLSv1.2"

It will look similar to this:

1
2
3
4
5
6
7
8
<!-- SSL "Connector" -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
        maxThreads="150" relaxedQueryChars="[]" disableUploadTimeout="true" enableLookups="false"
        clientAuth="false" sslProtocol="TLS" scheme="https" secure="true"
        SSLEnabled="true" keystorePass="changeit"
        keyAlias="eventsentry"
        keystoreFile="C:\Program Files\EventSentry\WebReports\conf\eventsentry.jks" 
        sslEnabledProtocols="TLSv1.2"/>

If you would also like to disable HTTP, look for this connector:

1
2
3
<Connector port="8080" relaxedQueryChars="[]" protocol="HTTP/1.1"
    connectionTimeout"20000"
    redirectPort="8443" />

Either delete it or comment it out (enclose it in <!-- and -->)

Restart the EventSentry Web Reports service

After restarting the EventSentry Web Reports service, navigate to https://server.domain.local:8443 to test & access the web reports through HTTPS.



Try EventSentry on-premise

FREE 30-day evaluation

Download Now