If TLS is enabled in the web reports, it is likely that all TLS versions (TLSv1.0, TLSv1.1, and TLSv1.2) are active and being accepted. Follow the steps below to disable the older versions of TLS (v1.0 and v1.1), which is generally recommended and may also be required for security and/or compliance reasons. After completing the steps below, only TLS v1.2 connections will be accepted.
Configure a TLS connector by editing the server.xml file, by default located in:
C:\Program Files\EventSentry\WebReports\web\conf\server.xml
Look for the first instance of "<Connector port="8443" .../>" and insert the following attribute inside that element, after its existing attributes:
sslEnabledProtocols="TLSv1.2"
It will look similar to this:
<!-- SSL "Connector" -->
<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" relaxedQueryChars="[]"
           disableUploadTimeout="true" enableLookups="false"
           clientAuth="false" sslProtocol="TLS" scheme="https" secure="true" SSLEnabled="true"
           keystorePass="changeit" keyAlias="eventsentry"
           keystoreFile="C:\Program Files\EventSentry\WebReports\conf\eventsentry.jks"
           sslEnabledProtocols="TLSv1.2"/>
If you would also like to disable HTTP, look for this connector:
Either delete it or comment it out (enclose it in <!-- and -->)
Restart the EventSentry Web Reports service
After restarting the EventSentry Web Reports service, navigate to https://server.domain.local:8443 to test & access the web reports through HTTPS.
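To double-check the edited file, the following added example (not part of the original article and not EventSentry tooling) parses a server.xml and classifies every active connector by the sslEnabledProtocols setting described above. The sample XML, the ports 8080, 9443 and 7443, and the status names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# JSSE protocol names for versions older than TLS 1.2.
LEGACY = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}

# Constructed sample; on a real system read the server.xml path given above.
SAMPLE = r"""<Server><Service name="Catalina">
  <Connector port="8080" protocol="HTTP/1.1" redirectPort="8443"/>
  <!-- <Connector port="8081" protocol="HTTP/1.1"/> -->
  <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1.2"/>
  <Connector port="9443" SSLEnabled="true" scheme="https" secure="true"
             sslProtocol="TLS" sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
  <Connector port="7443" SSLEnabled="true" scheme="https" sslProtocol="TLS"/>
</Service></Server>"""

def audit_connectors(xml_text):
    """Return (port, status, detail) for every active <Connector>."""
    results = []
    # Commented-out connectors are dropped by the parser, so they are not reported.
    for conn in ET.fromstring(xml_text).iter("Connector"):
        port = conn.get("port", "?")
        if conn.get("SSLEnabled", "false").strip().lower() != "true":
            if conn.get("protocol", "HTTP/1.1").upper().startswith("AJP"):
                continue  # AJP connector, not an HTTP(S) listener
            results.append((port, "PLAIN_HTTP", "unencrypted connector is active"))
            continue
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # No restriction configured: older TLS versions may be accepted.
            results.append((port, "UNRESTRICTED", "sslEnabledProtocols missing"))
            continue
        enabled = {p.strip() for p in raw.split(",") if p.strip()}
        legacy = sorted(enabled & LEGACY)
        if legacy:
            results.append((port, "LEGACY_TLS", "accepts " + ", ".join(legacy)))
        elif enabled == {"TLSv1.2"}:
            results.append((port, "OK", "TLSv1.2 only"))
        else:
            results.append((port, "REVIEW", "enabled: " + ", ".join(sorted(enabled))))
    return results

if __name__ == "__main__":
    for port, status, detail in audit_connectors(SAMPLE):
        print(f"port {port:>5}  {status:<12}  {detail}")
```

The check only reads the sslEnabledProtocols attribute on the Connector element; a connector configured through a nested SSLHostConfig element is reported as UNRESTRICTED and needs a manual look.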