如何禁用TLS1.0&用于glassfish管理控制台的TLS1.1(管理侦听器,端口4848,jdk1.8.0_261(?
我不想在服务器级别禁用它(/usr/java/jdk1.8.0_261-amd64/jre/lib/security/java.security(,因为它可能会影响在它上面运行的应用程序;侦听器端的TLS1.1。
当我试图通过命令行禁用它时,它会抛出以下错误:
[root@appweb home]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
remote failure: No configuration found for configs.config.server-config.network-config.protocols.protocol.admin-listener.ssl
Command set failed.
[root@appweb home]#
我通过玩asadmin找到了解决方案。以下是最终结果:
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls-enabled=false
Command set executed successfully.
[root@appweb]#
[root@appweb]# /opt/glassfish5/glassfish/bin/asadmin set configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Enter admin user name> admin
Enter admin password for user "admin">
configs.config.server-config.network-config.protocols.protocol.sec-admin-listener.ssl.tls11-enabled=false
Command set executed successfully.
[root@appweb]#
然后,重新启动glassfish服务。
这将禁用TLS1.0&用于glassfish管理控制台的TLS1.1,该控制台在4848端口上运行。此外,还有一个解决方案:https://www.tenable.com/plugins/nessus/104743