Articles in this section

See more

Disable TLS 1.0 and TLS 1.1 for Universal Type Server (UTS)

Avatar
Jeff
  • Updated

The instructions listed below will allow you to disable older versions of TLS 1.0 and 1.1 and run TLS version 1.2 on your Universal Type Server. 

 

STEPS TO DISABLE FOR USER MANAGEMENT WEB PORTAL:

  1. STOP Universal Type Server via the Universal Type Server Administration Web interface.

  2. BackuptheJBoss “standalone.xml” file :

    Windows

    copy “C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml” “C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml.original

    OSX

    cp “/Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml” “/Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml.original

    Note that this step can be accomplished via the Windows File Explorer / OSX Finder.

  3. Modifythe JBoss “standalone.xml” file :

    Windows

    C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml

    OSX

    /Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml

~ line 292 col 55

enabled-protocols="TLSv1.2"

  1. START Universal Type Server via the Universal Type Server Administration Web

    interface.

  2. Verify that you can access the User Management Web / Universal Type Client interfaces

    via https://<server.domain.name>:8443

 

PROTOCOL DISABLE VERIFICATION

1. OpenSSL can be used to verify that both TLS 1.0. And TLS 1.1 have been properly disabled. OSX ships with a fairly recent version of OpenSSL while pre-compiled Windows binaries are available via the following URL: https://indy.fulgan.com/SSL/

openssl​ ​s_client​ ​-connect​ ​<server.domain.name>:<port>-​ ​<protocol> Verifying that TLS 1.0 has been disabled for the User Management Web :

openssl s_client -connect uts-demo.extensis.com:8443-tls1 

CONNECTED(00000005)
4579010156:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2
2.260.1/libressl-2.6/ssl/ssl_pkt.c:585:

 

Verifying that TLS 1.1 has been disabled for the User Management Web :

openssl s_client -connect uts-demo.extensis.com:8443-tls1_1 CONNECTED(00000005)

4545271404:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2
2.260.1/libressl-2.6/ssl/ssl_pkt.c:585:

Related articles