Disable TLS 1.0 and TLS 1.1 for Universal Type Server (UTS)
The instructions listed below will allow you to disable older versions of TLS 1.0 and 1.1 and run TLS version 1.2 on your Universal Type Server.
STEPS TO DISABLE FOR USER MANAGEMENT WEB PORTAL:
-
STOP Universal Type Server via the Universal Type Server Administration Web interface.
-
Backup the JBoss “standalone.xml” file :
WIndows
copy “C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml” “C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml.origi nal”
OSX
cp “/Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml” “/Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml.origi nal”
Note that this step can be accomplished via the Windows File Explorer / OSX Finder.
-
Modify the JBoss “standalone.xml” file :
WIndows
C:\Program Files\Extensis\Universal Type Server\applications\jboss\standalone\configuration\standalone.xml
OSX
/Applications/Extensis/Universal Type Server/applications/jboss/standalone/configuration/standalone.xml
~ line 292 col 55
enabled-protocols="TLSv1.2"
-
START Universal Type Server via the Universal Type Server Administration Web
interface.
-
Verify that you can access the User Management Web / Universal Type Client interfaces
via https://<server.domain.name>:8443
PROTOCOL DISABLE VERIFICATION
1. OpenSSL can be used to verify that both TLS 1.0. And TLS 1.1 have been properly disabled. OSX ships with a fairly recent version of OpenSSL while pre-compiled Windows binaries are available via the following URL : https://indy.fulgan.com/SSL/
openssl s_client -connect <server.domain.name>:<port> - <protocol> Verifying that TLS 1.0 has been disabled for the User Management Web :
openssl s_client -connect uts-demo.extensis.com:8443 -tls1
CONNECTED(00000005)
4579010156:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2
2.260.1/libressl-2.6/ssl/ssl_pkt.c:585:
Verifying that TLS 1.1 has been disabled for the User Management Web :
openssl s_client -connect uts-demo.extensis.com:8443 -tls1_1 CONNECTED(00000005)
4545271404:error:140040E5:SSL routines:CONNECT_CR_SRVR_HELLO:ssl handshake
failure:/BuildRoot/Library/Caches/com.apple.xbs/Sources/libressl/libressl-2
2.260.1/libressl-2.6/ssl/ssl_pkt.c:585: