Enabling legacy TLS protocols

Last Updated: Jun 05, 2026

From Experience Portal 7.2, all servers are updated to use TLS 1.2 to maximize system security. If servers external to the EPMs and MPPs cannot be updated to use TLS 1.2, then during the transition period, the TLS 1.0 and TLS 1.1 protocols can be manually enabled on the Experience Portal servers. The script used to enable these legacy TLS protocols is $AVAYA_HOME/Support/Security-Tools/ConfigureLegacyTLS.sh.

Avaya highly recommends that, after the external servers are updated to use TLS 1.2, the TLS 1.0 and TLS 1.1 protocols be disabled on all the Experience Portal servers.

The following commands are run using the ConfigureLegacyTLS.sh script:

  • bash ConfigureLegacyTLS.sh disable command: To disable the legacy TLS 1.0 and TLS 1.1 protocols in the httpd configuration, providing greater security.

  • bash ConfigureLegacyTLS.sh enable command: To enable the legacy TLS 1.0 and TLS 1.1 protocols in the httpd configuration, lowering system security but providing backward compatibility with systems requiring these legacy TLS protocols.

  • bash ConfigureLegacyTLS.sh status command: To display the current status of the legacy TLS protocols in the httpd configuration.

A re-installation or upgrade of Experience Portal may automatically disable these legacy TLS protocols. If backward compatibility must be retained across upgrades, the ConfigureLegacyTLS.sh script must be re-run to enable legacy TLS protocols after each Experience Portal upgrade.

To maximize security, it is suggested that these legacy TLS protocols remain disabled if possible.

Note:

If you run either the enable or disable command, the Apache (httpd) daemon automatically reloads if it is running.
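
One way to confirm from the network side that TLS 1.0 and TLS 1.1 are really off, for example after running the disable command or after an upgrade, is to probe the server with openssl s_client. This is an added example, not part of the Avaya tooling; the function names, the exit-code scheme and the epm.example.com host are assumptions, and it expects OpenSSL 1.1.0 or later on the probing machine.

```shell
#!/bin/sh
# Added example (not part of the Avaya tooling). Assumes OpenSSL 1.1.0 or later
# on the probing host; HOST and PORT are supplied by the operator.

# probe_tls HOST PORT FLAG  -> prints accepted | rejected | untestable
probe_tls() {
    # SECLEVEL=0 lets a modern client offer TLS 1.0/1.1 at all; without it the
    # client itself may refuse and the server would look hardened when it is not.
    out=$(openssl s_client -connect "$1:$2" "$3" \
              -cipher 'DEFAULT@SECLEVEL=0' </dev/null 2>&1)
    rc=$?
    if [ "$rc" -eq 0 ]; then
        echo accepted
    elif printf '%s\n' "$out" | grep -Eiq 'no protocols available|unknown option'; then
        # Local build or crypto policy cannot speak this version: no verdict.
        echo untestable
    else
        echo rejected
    fi
}

# check_legacy_tls HOST [PORT]
# Returns 0 = TLS 1.0 and 1.1 both rejected, 1 = at least one accepted,
#         2 = TLS 1.2 control probe failed, 3 = could not test a legacy version.
check_legacy_tls() {
    host=$1
    port=${2:-443}
    if [ "$(probe_tls "$host" "$port" -tls1_2)" != accepted ]; then
        echo "$host:$port: TLS 1.2 control probe failed, no verdict" >&2
        return 2
    fi
    status=0
    for flag in -tls1 -tls1_1; do
        result=$(probe_tls "$host" "$port" "$flag")
        echo "$host:$port $flag $result"
        if [ "$result" = accepted ]; then
            status=1
        elif [ "$result" = untestable ] && [ "$status" -eq 0 ]; then
            status=3
        fi
    done
    return "$status"
}

# Run only when a host is given, e.g.: sh check_legacy_tls.sh epm.example.com 443
if [ "$#" -gt 0 ]; then
    check_legacy_tls "$@"
fi
```

The TLS 1.2 control probe keeps an unreachable server from being reported as hardened, and the untestable result keeps a restrictive local OpenSSL policy from doing the same.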