Gap - TLS version 1.0/1.1 detected

如果在做security scan的时候,有这两个gap,需要修改两个地方

  • liberty profile server.xml

add sslProtocol="TLSv1.2" to ssl

<ssl id="defaultSSLConfig"
	sslProtocol="TLSv1.2"
     keyStoreRef="defaultKeyStore"
     securityLevel="CUSTOM" enabledCiphers="TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256 "/>
  • server.env

add

JVM_ARGS=-Dhttps.protocols=TLSv1.2