Are there any issues with disabling TLS 1.0 on the Wetier server? We're running 8.4 patch 11 and the Webtier is running Windows OS. If we disable TLS 1.0 on just the Webtier, will this affect the primary auth manager and replicas?
AM 8.4 only accepts TLSv1.2, so you should be fine between Web Tier and primary and any replicas. You might need to verify if any user browsers need to do TLSv1.0, or any load balancers you have in front of Web Tiers, but this will flush those users out.
I have an 184.108.40.206.0 webtier, and by default, this is what is allowed or not
Testing protocols via sockets except NPN+ALPN
SSLv2 not offered (OK) SSLv3 not offered (OK) TLS 1 not offered TLS 1.1 offered (deprecated) TLS 1.2 offered (OK) TLS 1.3 not offered and downgraded to a weaker protocol NPN/SPDY not offered ALPN/HTTP2 not offered
Ok so sounds like we can turn TLS 1.0 off on the Webtier server without affecting the primary and replicas. Thanks! As always, will take a snapshot just in case.
snapshot = career saver
Retrieving data ...