Skip to main content
Ask Question
Security
marshcm
Linux/HPC Systems Administator
Asked a question 7 months ago

How do I disable TLS 1.0, and TLS1.1 without breaking BCM? Industry is moving to using only TLS1.2, I have need to disable any other versions of TLS.

Where am I?

In Bright Computing, Inc. you can ask and answer questions and share your experience with others!

You can change the TLS version by setting the SSLServerMethod advanced config in /cm/local/apps/cmd/etc/cmd.conf (on the head node) to the desired version of TLS such as "TLS 1.2". Then follow that with your cipher list options. For example: 

AdvancedConfig = { "SSLServerMethod=TLS 1.2","CipherList=HIGH:!EXP" }

A restart of the cmdaemon service is required after making the above change.