Tony Okusanya Respected Contributor.

HPOO 10.60 Secure channel LDAP TLS version

Greetings all.

I configured our HPOO (10.60) central servers with valid certificates and disabled SSL, TLS 1 and TLS 1.1 per the security hardening guide. The issue we have right now is that it appears the LDAP connection (Active Directory) between central and our LDAP host is trying to connect using TLS 1.0.

Below is an excerpt from my server.xml file's connector configuration. I configured LDAP (Active Directory) authentication in central to use secure channel. Can anyone help me understand why it's trying to use TLS 1.0?

<Connector SSLEnabled="true" URIEncoding="UTF-8" clientAuth="false" 
	compressableMimeType="text/html,text/xml,text/plain,text/css,text/javascript,application/xml,application/x-javascript,application/json" 
	compression="on" keyAlias="tomcat" keyPass="XXXXXXXXXXXXXXXXXXXXXXX" 
	keystoreFile="C:/Program Files/Hewlett Packard Enterprise/HPE Operations Orchestration/central/var/security/key.store" 
	keystorePass="XXXXXXXXXXXXXXXXX" keystoreType="JKS" maxThreads="200" port="443" protocol="org.apache.coyote.http11.Http11NioProtocol" 
	scheme="https" secure="true" server="OO" sslEnabledProtocols="TLSv1.2" sslProtocol="TLSv1.2" 
	truststoreFile="C:/Program Files/Hewlett Packard Enterprise/HPE Operations Orchestration/central/var/security/client.truststore" 
	truststorePass="XXXXXXXXXXXXXXX" truststoreType="JKS"
/>
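A connector like the one above can be checked mechanically against the goal stated in the post (only TLS 1.2 and later enabled). This is an added example, not part of the original post or the vendor's tooling; the sample XML, the extra ports and the function name are constructed for illustration. It audits only Tomcat's inbound HTTPS listeners, since these Connector attributes do not configure outbound connections such as the LDAP one.

```python
import xml.etree.ElementTree as ET

# Protocol names as JSSE spells them; anything outside ALLOWED is reported.
ALLOWED = {"TLSv1.2", "TLSv1.3"}

# Constructed sample: a trimmed server.xml with one connector shaped like the
# one in the post plus hypothetical connectors showing the failure cases.
SAMPLE_SERVER_XML = """<Server>
  <Service name="Catalina">
    <Connector port="443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1.2" sslProtocol="TLSv1.2"/>
    <Connector port="8443" SSLEnabled="true" scheme="https" secure="true"
               sslEnabledProtocols="TLSv1,TLSv1.1,TLSv1.2"/>
    <Connector port="8444" SSLEnabled="true" scheme="https" secure="true"/>
    <Connector port="8080" protocol="HTTP/1.1"/>
  </Service>
</Server>"""


def audit_connectors(server_xml):
    """Return {port: [findings]} for every TLS-enabled <Connector>."""
    report = {}
    for conn in ET.fromstring(server_xml).iter("Connector"):
        if conn.get("SSLEnabled", "false").lower() != "true":
            continue  # plain HTTP/AJP connector, nothing to check here
        findings = []
        raw = conn.get("sslEnabledProtocols")
        if raw is None:
            # Without an explicit list Tomcat falls back to the JVM's defaults.
            findings.append("sslEnabledProtocols not set (JVM defaults apply)")
        else:
            enabled = [p.strip() for p in raw.split(",") if p.strip()]
            legacy = [p for p in enabled if p not in ALLOWED]
            if legacy:
                findings.append("legacy protocols enabled: " + ", ".join(legacy))
            if not enabled:
                findings.append("sslEnabledProtocols is empty")
        report[conn.get("port", "?")] = findings
    return report


if __name__ == "__main__":
    for port, findings in audit_connectors(SAMPLE_SERVER_XML).items():
        print(port, "OK" if not findings else "; ".join(findings))
```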
Luis_V_OO Super Contributor.

Re: HPOO 10.60 Secure channel LDAP TLS version

Hello Tony,

The issue you describe is a defect for which there is a hotfix available. Please open a Support Case so that you can be provided with the hotfix. Please refer to the link below:

https://softwaresupport.softwaregrp.com/group/softwaresupport/search-result/-/facetsearch/document/LID/QCCR8C33320

Cordially,

Luis Quiros
Customer Support Engineer
