How do I disable TLS1.0 & TLS1.1 for glassfish admin console(admin-listener, port 4848, jdk1.8.0_261)?
I don't want to disable it at server level (/usr/java/jdk1.8.0_261-amd64/jre/lib/security/java.security) as it may affect the applications running on it. Hence, I am looking for a way to disable TLS1.0 & TLS1.1 at listeners end.
When I try to disable it via command line, it throws the below error:
[root@appweb home]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
remote failure: No configuration found for configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl
Command set failed.
[root@appweb home]#
I found the solution by playing with asadmin for a while. Here is the final outcome:
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Command set executed successfully.
[root@appweb]#
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Command set executed successfully.
[root@appweb]#
Then, restart glassfish service.
This will disable TLS1.0 & TLS1.1 for glassfish admin console, which is running on port 4848. Also, a solution for: https://www.tenable.com/plugins/nessus/104743