Community
Select to view content in your preferred language

TLS Configuration 1.2 does not take effect on ArcGIS Server 10.9.1

1256
4
Jump to solution
02-27-2023 02:08 AM
Felipe_Costa
by
Occasional Contributor
‎02-27-2023 02:08 AM

Hello,

Recently I have updated the security configuration on ArcGIS Server, running the version 10.9.1 to use the TLS 1.2. However, even limiting the only for the mentioned version, this server is still supporting the version 1.1 on the port 6443. 

I only modified the security configuration on ArcGIS Server Admin page. Is there any other configuration that I should have changed?

 

Thanks a lot!
Felipe

Tags (3)
Preview file
37 KB
0 Kudos
1 Solution

Accepted Solutions
Felipe_Costa
by
Occasional Contributor
‎02-27-2023 10:10 AM

Hi Jeff,

 

Amazing! I removed the permission for the account running the ArcGIS Server and applied it again. After I ran the OpenSSL and the version accepted was only the 2.2.

 

Thank you for your help!

Best regards,

Felipe

View solution in original post

0 Kudos
4 Replies
JeffSmith
by Esri Contributor
Esri Contributor
‎02-27-2023 08:48 AM

Hi Felipe,

When you make any changes to the Server security configuration, Server should restart automatically.  Just to be absolutely certain, you might try restarting the Server service.  Limiting it to TLSv1.2 is fine.  Was the 10.9.1 system upgraded from an earlier release?  I ask because 10.9.1 only enables TLSv1.2 and TLSv1.3 by default so I was wondering if TLSv1.1 had been enabled previously from an older release. 

Also, are you using OpenSSL to validate what TLS protocols are enabled?

0 Kudos
Felipe_Costa
by
Occasional Contributor
‎02-27-2023 09:14 AM

Hi Jeff,

Thank you for your answer!

 

Yes, the server restarted after the configuration was changed. I did this more than once, but the result was the same. Also yes, the system upgraded from the 10.8 to 10.9.1, and I configured manually to the TLSv1.2. Before I set the configuration to the TLSv1.2, it had also the configuration TLSv1.1.

What is weird is that I have done this to many severs with the same conditions, but only one didn't stop accepting TLSv1.1.

 

Yes, I am using the OpenSSL to validate the TLS protocol enabled. Here part of my script to check the protocol.
(OpenSSL.SSL.TLSv1_METHOD, "TLSv1.0"),
(OpenSSL.SSL.TLSv1_1_METHOD, "TLSv1.1"),
(OpenSSL.SSL.TLSv1_2_METHOD, "TLSv1.2"),

Many thanks!
Felipe

0 Kudos
JeffSmith
by Esri Contributor
Esri Contributor
‎02-27-2023 09:34 AM

Ok.  That sounds fine.  I wonder if it is a permission issue of some sort.  I would double-check to make sure the account running the Server service has full control to the <ArcGIS root>\Server\framework folder.  If that still doesn't help, I would recommend contacting technical support to have someone review your system a little more closely.

Felipe_Costa
by
Occasional Contributor
‎02-27-2023 10:10 AM

Hi Jeff,

 

Amazing! I removed the permission for the account running the ArcGIS Server and applied it again. After I ran the OpenSSL and the version accepted was only the 2.2.

 

Thank you for your help!

Best regards,

Felipe

0 Kudos